Linux Kernel MediaTek DisplayPort Bridge NULL Pointer Dereference Vulnerability

A vulnerability in the MediaTek DisplayPort interface bridge driver of the Linux kernel can lead to a NULL pointer dereference, causing a kernel crash. This issue arises because the driver triggers interrupts before the bridge is attached to a Direct Rendering Manager (DRM) device. The function handling the hot-plug detection (HPD) events does not validate the DRM device pointer, allowing a NULL pointer to cause a crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a kernel NULL pointer dereference, causing a system crash.

Reproduction

The vulnerability can be reproduced by probing the MediaTek DisplayPort interface bridge driver, which will immediately start interrupt handling. If the interrupts are triggered before the bridge is attached to a DRM device, the hot-plug detection event will be processed with a NULL pointer, causing a kernel crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.