Linux Kernel NULL Pointer Dereference Vulnerability in DRM/TTM Component

Vulnerability

A vulnerability allowing a NULL pointer dereference has been identified in the Linux kernel's DRM/TTM component. This issue arises from the LRU mechanism potentially accessing a resource that is in the process of being removed from an object. The current locking rules create a conflict, as the 'res->bo' assignment is safeguarded by the LRU lock, while 'bo->resource' relies on the object lock. Additionally, clearing 'bo->resource' is also LRU lock-protected. This misalignment can lead to a situation where 'bo->resource' is NULL when dereferenced in 'ttm_bo_swapout()', causing a crash.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a system crash.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel NULL Pointer Dereference Vulnerability in DRM/TTM Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating