Linux Kernel Host1x Subsystem Uninitialized Mutex Vulnerability

Vulnerability

A vulnerability in the Linux kernel's host1x subsystem can lead to the use of an uninitialized mutex. The issue was introduced by a commit that aimed to fix a boot regression on Tegra devices. When the kernel is compiled with the debug options for mutexes and lock allocation, the bug triggers a warning about the mutex lock's magic value, which indicates that the mutex was not initialized before use. The issue has been observed on the NVIDIA Jetson AGX Orin Developer Kit.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for arbitrary code execution or causing a system crash.

Reproduction

The vulnerability can be reproduced by booting a device with the affected Linux kernel version, such as 6.11.0-29.31, with CONFIG_DEBUG_MUTEXES and CONFIG_DEBUG_LOCK_ALLOC enabled. This configuration will expose the uninitialized mutex usage as a warning during the boot process.
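
As an added example (not part of the original advisory or the kernel's code), the shell functions below check a kernel config for the two debug options and scan a boot log for the mutex magic warning followed by a host1x call-trace line. The warning string, the 20-line window, the function names and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added triage example; not code from the advisory or the kernel project.
# Assumption: the warning described above is logged with this text.
MAGIC_WARN='DEBUG_LOCKS_WARN_ON(lock->magic != lock)'

# has_debug_opts CONFIG: succeeds only if both debug options named in the
# Reproduction section are enabled (=y) in the given kernel config file.
has_debug_opts() {
    for opt in CONFIG_DEBUG_MUTEXES CONFIG_DEBUG_LOCK_ALLOC; do
        grep -q "^${opt}=y\$" "$1" || return 1
    done
}

# host1x_magic_warnings LOG: prints how many magic warnings are followed,
# within 20 log lines (assumed call-trace window), by a host1x line.
host1x_magic_warnings() {
    awk -v pat="$MAGIC_WARN" '
        index($0, pat) { win = 20; next }
        win > 0 { win--; if (index($0, "host1x")) { n++; win = 0 } }
        END { print n + 0 }' "$1"
}

# triage CONFIG LOG: prints "blind" (debug options off, so a quiet log
# proves nothing), "warning" (host1x magic warning logged) or "quiet".
triage() {
    if ! has_debug_opts "$1"; then echo blind; return 0; fi
    if [ "$(host1x_magic_warnings "$2")" -gt 0 ]; then
        echo warning
    else
        echo quiet
    fi
}

# write_samples DIR: writes constructed sample files (not real captures).
write_samples() {
    printf '%s\n' 'CONFIG_DEBUG_MUTEXES=y' 'CONFIG_DEBUG_LOCK_ALLOC=y' \
        > "$1/config.debug"
    printf '%s\n' '# CONFIG_DEBUG_MUTEXES is not set' > "$1/config.nodebug"
    printf '%s\n' \
        "[    1.000000] $MAGIC_WARN" \
        '[    1.000001] WARNING: CPU: 0 PID: 1 at constructed_sample' \
        '[    1.000002] Call trace:' \
        '[    1.000003]  host1x_constructed_sample+0x0/0x0' > "$1/boot.log"
    printf '%s\n' '[    1.000000] constructed sample: boot ok' \
        > "$1/quiet.log"
}
```

On a live system, pass the running kernel's config file and a saved `dmesg` capture to `triage`; a "blind" verdict means the kernel cannot emit the warning, not that it is unaffected.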

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.