Linux Kernel Null Pointer Dereference Vulnerability in DRM Writeback Initialization

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically in the writeback initialization function of the Qualcomm Snapdragon Mobile (MSM) display driver. The issue arises because the memory allocation function 'devm_kzalloc()' can fail, leaving the writeback connector pointer 'dpu_wb_conn' NULL. If that NULL pointer is subsequently dereferenced, the result is a crash or undefined behavior. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash or undefined behavior in the system.

Reproduction

The vulnerability can be reproduced by initializing the writeback connector layer in the DRM subsystem while the memory allocation fails and the null check after that allocation is missing. This corresponds to triggering the 'dpu_writeback_init()' function in the 'drivers/gpu/drm/msm/disp/dpu1/dpu_writeback.c' file on a kernel that predates the patch.
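To make the failure mode concrete, here is an added, self-contained C model of the pattern described above; it is not the kernel driver's code. The struct layouts, fake_devm_kzalloc() and the writeback_init_* functions are stand-ins so that the allocation-failure path can be exercised in user space.

```c
/* Added example, not the kernel's code: a self-contained model of the
 * dpu_writeback_init() allocation-failure bug. The real driver allocates
 * with devm_kzalloc(); here a stub allocator with fault injection stands
 * in for it so the error path can be exercised in user space. */
#include <stdlib.h>
#include <errno.h>

struct dpu_wb_connector { int wb_idx; int initialised; };

/* Model of the DRM encoder that owns the writeback connector (hypothetical). */
struct drm_encoder { struct dpu_wb_connector *wb_conn; };

/* Stub for devm_kzalloc(): fail_next_alloc lets a test force the NULL return. */
static int fail_next_alloc = 0;
static void *fake_devm_kzalloc(size_t size)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;           /* allocation failure, as devm_kzalloc() may */
    }
    return calloc(1, size);
}

/* Vulnerable shape: dpu_wb_conn is used without checking for NULL.
 * Only safe when allocation succeeds; on failure it dereferences NULL. */
static int writeback_init_vulnerable(struct drm_encoder *enc, int wb_idx)
{
    struct dpu_wb_connector *dpu_wb_conn = fake_devm_kzalloc(sizeof(*dpu_wb_conn));

    dpu_wb_conn->wb_idx = wb_idx;          /* NULL dereference if alloc failed */
    dpu_wb_conn->initialised = 1;
    enc->wb_conn = dpu_wb_conn;
    return 0;
}

/* Hardened shape (the null check the fix adds): test the allocation
 * result and propagate -ENOMEM to the caller instead of touching NULL. */
static int writeback_init_fixed(struct drm_encoder *enc, int wb_idx)
{
    struct dpu_wb_connector *dpu_wb_conn = fake_devm_kzalloc(sizeof(*dpu_wb_conn));

    if (!dpu_wb_conn)
        return -ENOMEM;

    dpu_wb_conn->wb_idx = wb_idx;
    dpu_wb_conn->initialised = 1;
    enc->wb_conn = dpu_wb_conn;
    return 0;
}
```

Setting fail_next_alloc before calling writeback_init_fixed() exercises the error path; doing the same with writeback_init_vulnerable() would crash the process, which is exactly the kernel-side symptom.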

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit that addresses this issue is '21e9a838f505178e109ccb3bf19d7808eb0326f4', which is available in the Linux kernel stable tree.

Added: Sep 16, 2025, 5:11 PM
Updated: Sep 16, 2025, 5:11 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.