Linux Kernel Auxiliary Device Management Vulnerability in DRM MSM DP Component

Vulnerability

A vulnerability exists in the Linux kernel's DRM MSM DP component, specifically related to how auxiliary devices are managed in conjunction with DisplayPort (DP) controllers. The issue arises because the device resources for auxiliary buses are not properly synchronized with the DP controller's lifecycle, leading to potential use-after-free errors. This can occur when the controller is torn down, but the auxiliary device still attempts to access its resources, causing a KASAN-reported fault. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to use-after-free errors in DisplayPort resources, causing occasional KASAN faults. This mismanagement can disrupt the normal functioning of connected DisplayPort devices, potentially leading to crashes or undefined behavior.

Reproduction

The vulnerability can be reproduced by using an eDP panel device that reads EDID information. This will trigger a use-after-free error on DP resources, which can be observed as a KASAN fault.
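To check the log of a KASAN-enabled test kernel for the fault described above, the following added example (not code from the kernel or from this advisory) parses KASAN reports and keeps the use-after-free ones whose symbols look DP, AUX or EDID related. The sample log, its `example_*` symbols and addresses, and the default keyword list are constructed assumptions; substitute the symbols seen on your own system.

```python
import re

# Constructed sample in KASAN report layout; symbols and addresses are placeholders.
SAMPLE_LOG = """\
[   12.301000] panel-edp example-panel: reading EDID
[   12.345678] ==================================================================
[   12.345700] BUG: KASAN: slab-use-after-free in example_dp_aux_transfer+0x1c/0x80
[   12.345720] Read of size 8 at addr ffff000012345678 by task kworker/u16:2/77
[   12.345760] Call trace:
[   12.345780]  example_dp_aux_transfer+0x1c/0x80
[   12.345800]  example_panel_read_edid+0x44/0x120
[   12.345820] ==================================================================
[   20.000000] ==================================================================
[   20.000100] BUG: KASAN: slab-out-of-bounds in example_net_rx+0x10/0x40
[   20.000200] Write of size 4 at addr ffff000087654321 by task swapper/0/1
[   20.000300] ==================================================================
"""

TS = re.compile(r"^\[\s*\d+\.\d+\]\s?")  # dmesg timestamp prefix
HEADER = re.compile(r"BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr "
                    r"[0-9a-f]+ by task (?P<task>\S+)")
FRAME = re.compile(r"^\s*\??\s*(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_kasan(log):
    """Return one dict per KASAN report found in a kernel log string."""
    reports, cur = [], None
    for raw in log.splitlines():
        line = TS.sub("", raw)
        if line.startswith("====="):
            cur = None  # a delimiter line closes any open report
        elif (m := HEADER.search(line)):
            cur = {"kind": m["kind"], "func": m["func"], "op": None,
                   "size": None, "task": None, "frames": []}
            reports.append(cur)
        elif cur is None:
            continue  # ordinary log line outside a report
        elif (m := ACCESS.search(line)):
            cur.update(op=m["op"], size=int(m["size"]), task=m["task"])
        elif (m := FRAME.match(line)):
            cur["frames"].append(m["func"])
    return reports

def dp_uaf_reports(log, keywords=("dp_", "aux", "edid")):
    # Keyword list is an assumption about symbol naming, not taken from the advisory.
    return [r for r in parse_kasan(log)
            if r["kind"].endswith("use-after-free")
            and any(k in s for s in [r["func"], *r["frames"]] for k in keywords)]
```

KASAN reports only appear on kernels built with KASAN enabled, so a clean log on a production kernel says nothing about whether the fix is present.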

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version available in the Linux kernel stable tree.

Added: Dec 9, 2025, 9:21 PM
Updated: Dec 9, 2025, 9:21 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.