Linux Kernel NULL Pointer Dereference Vulnerability in DRM Subsystem

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem allows for a NULL pointer dereference. This issue arises in the 'drm_copy_field()' function, which copies certain driver fields to user space via the 'DRM_IOCTL_VERSION' command. If a driver fails to initialize these fields correctly, 'drm_copy_field()' may attempt to copy a NULL pointer, leading to a kernel crash. The vulnerability has been addressed by modifying 'drm_copy_field()' to check for NULL pointers before attempting to copy data.

Impact

Exploitation of this vulnerability causes a kernel crash due to an unhandled NULL pointer dereference, which can lead to a denial of service.

Reproduction

The vulnerability can be reproduced by using a GPU driver that does not properly initialize all required fields in the 'drm_driver' structure. When the 'DRM_IOCTL_VERSION' command is issued, 'drm_copy_field()' will attempt to copy the uninitialized fields, resulting in a NULL pointer dereference and a kernel crash.

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.