Linux Kernel DisplayPort Component Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's DisplayPort (DP) component of the Direct Rendering Manager (DRM) for the Qualcomm MSM graphics driver. This vulnerability arises during the unbinding process of the DP controller. When the DP controller is removed, the memory allocated for its submodules is freed. However, the unbind operation still attempts to clean up these submodules, leading to a use-after-free condition. This issue affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to memory corruption, potentially allowing for arbitrary code execution or causing a denial-of-service condition by crashing the system.

Reproduction

To reproduce this vulnerability, remove the DisplayPort controller while the unbind operation is still processing. This can be done by manually triggering the unbind process and then removing the controller before the unbind operation completes, causing the unbind process to access freed memory.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The patch is available in the Linux kernel stable tree.