Linux Kernel Null Pointer Dereference Vulnerability in AMD Display Driver

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's AMD display driver, specifically within the cleanup function 'dc_destruct()' of the Display Core (DC) module. This vulnerability arises when the display control context ('dc->ctx') fails to initialize properly due to memory allocation issues, leaving the pointer NULL. During error handling, 'dc_destruct()' is called without checking if 'dc->ctx' is non-NULL, leading to a crash by dereferencing a NULL pointer. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel crash due to a null pointer dereference, disrupting system stability and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by causing a memory allocation failure during the construction of the display control context in the AMD display driver's DC module. This can be simulated by manipulating the driver's initialization process to induce a failure, leaving the context pointer NULL. When the 'dc_destruct()' function is subsequently called as part of the driver's cleanup process, the absence of a NULL check before accessing the 'perf_trace' member results in a null pointer dereference, crashing the kernel.

Remediation

The vulnerability has been addressed by modifying the 'dc_destruct()' function to include a check that ensures 'dc->ctx' is not NULL before dereferencing any of its members. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this vulnerability.
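
The missing check and its fix, as an added user-space C model (not the kernel driver's code). The struct layout, the fail_alloc fault-injection flag and the function names dc_destruct_unguarded, dc_destruct_guarded and dc_create_then_cleanup are assumptions made for illustration; only 'dc->ctx', 'perf_trace' and the construct/destruct flow come from the description above.

```c
/* User-space model; struct layout and helper names are simplified assumptions. */
#include <stdio.h>
#include <stdlib.h>
struct dc_context { int *perf_trace; };
struct dc { struct dc_context *ctx; };

/* fail_alloc models the allocation failure that leaves dc->ctx NULL. */
static int dc_construct(struct dc *dc, int fail_alloc)
{
    dc->ctx = fail_alloc ? NULL : calloc(1, sizeof(*dc->ctx));
    if (!dc->ctx)
        return -1;
    dc->ctx->perf_trace = calloc(1, sizeof(int));
    return 0;
}

/* Before: dereferences dc->ctx unconditionally; faults if it is NULL. */
static void dc_destruct_unguarded(struct dc *dc)
{
    free(dc->ctx->perf_trace);
    free(dc->ctx);
    dc->ctx = NULL;
}

/* After: members of dc->ctx are touched only when the context exists. */
static void dc_destruct_guarded(struct dc *dc)
{
    if (dc->ctx) {
        free(dc->ctx->perf_trace);
        free(dc->ctx);
        dc->ctx = NULL;
    }
}

/* Construct, then always run cleanup; -2 means a context was left behind. */
static int dc_create_then_cleanup(int fail_alloc, void (*destruct)(struct dc *))
{
    struct dc dc = { 0 };
    int rc = dc_construct(&dc, fail_alloc);
    destruct(&dc);
    return dc.ctx == NULL ? rc : -2;
}

int main(void)
{
    printf("alloc ok, unguarded: %d\n", dc_create_then_cleanup(0, dc_destruct_unguarded));
    printf("alloc fail, guarded: %d\n", dc_create_then_cleanup(1, dc_destruct_guarded));
    return 0;
}
```

The unguarded destructor is only exercised on the successful-construct path here; combined with a failed construct it faults in this model, which is the condition the guarded form removes.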

Added: Sep 5, 2025, 7:37 PM
Updated: Sep 5, 2025, 7:37 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.