Linux Kernel NULL Pointer Dereference Vulnerability in DRM Mediatek Component

A vulnerability allowing a NULL pointer dereference has been identified in the Linux kernel's Direct Rendering Manager (DRM) Mediatek component. This issue arises because the 'devm_kcalloc' function can return NULL, and the return value was not properly checked, leading to a potential dereference of a NULL pointer. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by creating a DRM Mediatek CRT component without proper checks for the 'devm_kcalloc' return value. This can be done by modifying the 'mtk_drm_crtc_create' function in the 'mtk_drm_crtc.c' file to remove the checks for the 'devm_kcalloc' return value, allowing a NULL pointer to be dereferenced.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The official Linux kernel Git repository can be checked out for the latest stable releases.