Linux Kernel Null Pointer Dereference Vulnerability in DRM Mode Configuration

A null pointer dereference vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem. This issue arises in the 'drmm_mode_config_init()' function, which calls 'drm_mode_create_standard_properties()' without checking the return value. If 'drm_mode_create_standard_properties()' fails due to memory allocation issues, it returns a NULL pointer, leading to a null pointer dereference. This vulnerability was discovered while testing the insertion of a module called 'bochs', which caused a general protection fault due to a non-canonical address. The issue has been fixed by adding a check for the return value, ensuring that NULL pointers are properly handled.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a general protection fault. This type of fault typically results from accessing an invalid memory address, which can disrupt system operations and potentially be exploited to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by loading a module that interacts with the DRM subsystem, such as 'bochs', into a Linux kernel version that is vulnerable. The 'drmm_mode_config_init()' function will be called, which in turn calls 'drm_mode_create_standard_properties()'. If 'drm_mode_create_standard_properties()' fails to allocate memory, a NULL pointer will be dereferenced, leading to a general protection fault.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is '834c23e4f798dcdc8af251b3c428ceef94741991', which is available in the Linux kernel stable tree.