Linux Kernel Mediatek DRM Old State CRTC Error Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) driver for Mediatek can lead to a kernel panic after a hotplug event. The issue arises because the cursor continues to update after the hotplug, and the driver then accesses an invalid 'old_state->crtc', causing a NULL pointer dereference. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a kernel panic. The resulting unexpected shutdown or restart of the kernel disrupts system operations and can cause a denial of service on the affected system.

Reproduction

The vulnerability can be reproduced by initiating a hotplug event, which leaves the cursor updating while 'old_state->crtc' is NULL. This can be done by disconnecting and reconnecting a display device, such as a monitor or a display cable, while the system is running. After the hotplug event, the cursor continues to update, and accessing the NULL 'old_state->crtc' results in a kernel NULL pointer dereference, causing a kernel panic.
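The failure mode described above, as a simplified userspace model added here for illustration. It is not the Mediatek driver's code or the upstream fix, and every struct and function name in it is hypothetical; it shows the unguarded access to 'old_state->crtc' beside a guarded form.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-ins for the kernel objects. All names are hypothetical. */
struct model_crtc { int disabled_planes; };
struct model_plane_state { struct model_crtc *crtc; }; /* NULL when no CRTC is bound */

/* Unguarded pattern: assumes the old plane state always has a CRTC.
 * With old_state->crtc == NULL this is the NULL dereference described above. */
int cursor_disable_unguarded(const struct model_plane_state *old_state)
{
    old_state->crtc->disabled_planes++;
    return 0;
}

/* Guarded pattern: validate the old state before touching the CRTC. */
int cursor_disable_guarded(const struct model_plane_state *old_state)
{
    if (old_state == NULL || old_state->crtc == NULL)
        return -EINVAL; /* plane is not bound to a CRTC, nothing to disable */
    old_state->crtc->disabled_planes++;
    return 0;
}

/* Constructed sequence: one cursor update while the display is attached,
 * then `updates` further cursor updates after a hotplug left crtc NULL.
 * Returns how many updates the guard rejected instead of dereferencing NULL. */
int cursor_updates_rejected_after_hotplug(int updates)
{
    struct model_crtc crtc = { 0 };
    struct model_plane_state state = { &crtc };
    int rejected = 0;

    cursor_disable_guarded(&state); /* display attached: succeeds */
    state.crtc = NULL;              /* hotplug: plane no longer bound to a CRTC */
    for (int i = 0; i < updates; i++)
        if (cursor_disable_guarded(&state) == -EINVAL)
            rejected++;
    return rejected;
}

int main(void)
{
    printf("rejected after hotplug: %d\n", cursor_updates_rejected_after_hotplug(3));
    return 0;
}
```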

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.

Added: Sep 16, 2025, 4:16 PM
Updated: Sep 16, 2025, 4:16 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.