Linux Kernel NULL Pointer Dereference and Memory Leak Vulnerability in MediaTek MDP3 Driver

Vulnerability

A vulnerability in the MediaTek MDP3 driver of the Linux kernel can lead to a NULL pointer dereference and a memory leak. The driver did not check the return value of the 'ida_alloc' function, so a failed allocation could go unnoticed and potentially lead to a NULL pointer dereference. Additionally, if the 'mdp_m2m_open' function fails, the allocated 'ctx->id' is not freed, causing a memory leak.

Impact

Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the affected component or system. Additionally, the vulnerability causes a memory leak, which can degrade system performance over time.

Reproduction

The vulnerability can be reproduced by loading the MediaTek MDP3 driver in the Linux kernel. The issue occurs when the driver allocates an ID using the 'ida_alloc' function without checking if the allocation was successful. If the allocation fails, the driver later attempts to use the ID, leading to a NULL pointer dereference. Furthermore, if the 'mdp_m2m_open' function fails after a successful ID allocation, the driver does not free the allocated ID, causing a memory leak.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patch is included in the commit 'd00f592250782538cda87745607695b0fe27dcd4', which is part of the Linux kernel stable release.
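
The two checks named in the description (test the allocator's return value, release the ID when a later step of the open path fails) can be modelled in userspace. The following is an added example, not code from the MDP3 driver or the referenced commit; the 'toy_' names, the four-slot allocator and the 'hardened' switch are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace stand-in for the kernel IDA (constructed for this example):
 * returns the lowest free ID, or a negative errno when none is left. */
#define TOY_IDA_MAX 4
static unsigned char toy_used[TOY_IDA_MAX];

static int toy_ida_alloc(void)
{
    for (int i = 0; i < TOY_IDA_MAX; i++)
        if (!toy_used[i]) { toy_used[i] = 1; return i; }
    return -ENOSPC;
}

static void toy_ida_free(int id)
{
    if (id >= 0 && id < TOY_IDA_MAX) toy_used[id] = 0;
}

static int toy_ida_in_use(void)
{
    int n = 0;
    for (int i = 0; i < TOY_IDA_MAX; i++) n += toy_used[i];
    return n;
}

struct toy_ctx { int id; };

/* Hypothetical open path; later_step_fails simulates a failure after the
 * ID was allocated. Returns 0 or a negative errno. */
static int toy_open(struct toy_ctx *ctx, int later_step_fails, int hardened)
{
    int ret = toy_ida_alloc();
    if (hardened && ret < 0)
        return ret;                /* check 1: allocation failed, bail out */
    ctx->id = ret;                 /* unhardened: may store a negative errno */
    if (later_step_fails) {
        if (hardened)
            toy_ida_free(ctx->id); /* check 2: release the ID on the error path */
        return -ENOMEM;
    }
    return 0;
}

int main(void)
{
    struct toy_ctx c = { 0 };
    for (int i = 0; i < 3; i++) toy_open(&c, 1, 0); /* three failed opens */
    printf("unhardened leak: %d IDs still held\n", toy_ida_in_use());
}
```

With 'hardened' set to 0 the model reports success while 'ctx->id' holds a negative errno once the pool is exhausted, and every failed open keeps its ID allocated.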

Added: Dec 24, 2025, 2:38 PM
Updated: Dec 24, 2025, 2:38 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.