Linux Kernel Null Pointer Dereference Vulnerability in DRM MSM DPU Resource Management

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) for the Qualcomm Mobile Subsystem (MSM) Display Pipeline Unit (DPU) has been addressed. This issue arises when the system's topology requests resources that have not been allocated, particularly Display Stream Compression (DSC) blocks. These unallocated resources remain as NULL in the global state but are incorrectly returned by the resource management function, leading to a null pointer dereference. Such dereferences can cause a platform lockup, creating a challenging debugging scenario. The vulnerability has been fixed by ensuring that the count of allocated blocks does not exceed the available resources, thereby preventing the null pointer dereference and the associated platform lockup.

Impact

Exploitation of this vulnerability could lead to a null pointer dereference, causing a platform lockup that is difficult to diagnose.

Reproduction

The vulnerability can be reproduced by requesting unallocated resources through the DPU resource management functions. This can be done by creating a topology that includes DSC blocks not represented in the system's configuration, which will result in the resource management function returning NULL pointers instead of valid resource references.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.