Linux Kernel VMWGFX Null Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's VMWGFX driver allows for a null pointer dereference in the cursor snooping functionality. This issue arises because the driver does not properly check if a resource exists before using it, particularly when handling surfaces. The VMW_CMD_RES_CHECK function can accept invalid identifiers to indicate 'no surface', but this can lead to null references in functions that require actual surface objects. The vulnerability has been addressed by ensuring that both the identifier and the existence of the resource are validated before use.
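The validation gap described above, modelled in user-space C as an added example; it is not the driver's code and not part of the original advisory. The names `res_check`, `snoop_cursor`, `NO_SURFACE_ID` and the surface table are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical sentinel meaning "no surface"; not the driver's constant. */
#define NO_SURFACE_ID 0xffffffffu

struct surface { uint32_t id; unsigned snoop_count; };

/* Constructed sample resource table. */
static struct surface surfaces[] = { { 1, 0 }, { 2, 0 } };

/* Models an identifier check that accepts the sentinel: it returns 0
 * with *out == NULL when the caller asked for "no surface". */
static int res_check(uint32_t id, struct surface **out)
{
    *out = NULL;
    if (id == NO_SURFACE_ID)
        return 0;
    for (size_t i = 0; i < sizeof(surfaces) / sizeof(surfaces[0]); i++) {
        if (surfaces[i].id == id) {
            *out = &surfaces[i];
            return 0;
        }
    }
    return -EINVAL; /* unknown identifier */
}

/* Models a consumer that needs a real surface object. */
static int snoop_cursor(uint32_t id)
{
    struct surface *srf;
    int ret = res_check(id, &srf);

    if (ret)
        return ret;
    /* The identifier passing the check does not mean a resource exists.
     * Without this test the sentinel reaches the dereference below. */
    if (srf == NULL)
        return -EINVAL;
    srf->snoop_count++;
    return 0;
}

int main(void)
{
    printf("valid=%d sentinel=%d unknown=%d\n", snoop_cursor(1),
           snoop_cursor(NO_SURFACE_ID), snoop_cursor(99));
    return 0;
}
```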

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by using the VMWGFX driver to perform operations that involve cursor snooping without a valid surface resource. This can be done by sending commands that include invalid surface identifiers, which the driver accepts as 'no surface', but then attempting to use the cursor snooping feature, which expects a valid surface object.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Nov 12, 2025, 2:19 AM
Updated: Nov 12, 2025, 2:19 AM

Vulnerability Rating

Custom Algorithm

Spread: 9.0
Impact: 2.5
Exploitability: 4.3
Remediation: 7.7
Relevance: 1.0
Threat: 4.8
Urgency: 2.9
Incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.