Linux Kernel Media: MediaTek VCodec PM Runtime Management Crash Vulnerability

A vulnerability in the Linux kernel's MediaTek VCodec driver can lead to a crash when the decoder is disabled. This issue occurs because the 'pm_runtime_disable' function is called without proper checks, causing a crash log to be generated. The problem arises when the architecture does not support sub-devices, leaving the 'pm.dev' reference null. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a system crash, disrupting normal operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, load the MediaTek VCodec decoder on a Linux kernel version that is affected. When the decoder is disabled, the 'pm_runtime_disable' function will be called. If the architecture does not support sub-devices, this will result in a crash, as the function tries to disable power management on a null device reference.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.