Linux Kernel Null Pointer Dereference Vulnerability in DRM/TTM Component

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) Translation Table Maps (TTM) component. This issue can lead to a general protection fault, particularly for non-canonical addresses. The vulnerability arises when the code swaps out buffer objects without checking if the pointer is null, allowing for potential memory access violations.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a general protection fault.

Reproduction

The vulnerability can be reproduced by swapping out pinned buffer objects in the TTM component without checking for null pointers. This can be done by manipulating the buffer object's pin count and triggering the eviction swapout process, which will attempt to access a null pointer, causing a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The patch is available in the Linux kernel stable tree.

Added: Sep 17, 2025, 5:09 PM
Updated: Sep 17, 2025, 5:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.