Linux Kernel HDMI Workqueue NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's HDMI driver for the MSM graphics subsystem can lead to a NULL pointer dereference. This issue arises because the driver did not properly check the return value of the 'alloc_ordered_workqueue' function, which can return a NULL pointer. The lack of this check can cause a NULL pointer dereference in the 'hdmi_hdcp.c' and 'hdmi_hpd.c' files.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the kernel or the affected process.

Reproduction

The vulnerability can be reproduced by loading the HDMI driver for the MSM graphics subsystem without the patch applied. This can be done by using a version of the Linux kernel that is prior to the inclusion of the patch that adds the necessary NULL pointer check. Once the driver is loaded, the absence of the check will allow the workqueue allocation to fail silently, setting up the conditions for a NULL pointer dereference when the driver attempts to use the workqueue.

Remediation

Users can upgrade to a version of the Linux kernel that includes the patch addressing this vulnerability. The patch is available in the Linux kernel stable tree.