Linux Kernel Shadow Buffer Vulnerability in DRM FBDEV DMA

Vulnerability

A vulnerability in the Linux kernel's DRM FBDEV DMA handling has been addressed by introducing shadow buffering for deferred I/O. Previously, DMA areas were not always backed by a struct page, leading to potential NULL pointer dereferences or paging request issues. The vulnerability arose because deferred I/O could be used without a shadow buffer, causing driver errors. The patch separates the initial allocation of a DMA-backed buffer object from the setup of FBDEV data structures, ensuring that deferred I/O is now only possible with a shadow buffer, which can be reintroduced if a reliable test for a usable struct page in the DMA buffer object is developed.

Impact

Exploitation of this vulnerability could lead to kernel NULL pointer dereferences or paging request errors, causing driver failures.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Shadow Buffer Vulnerability in DRM FBDEV DMA

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating