Linux Kernel DRM/MSM Separate GPU and Display Devices Initialization Vulnerability

A vulnerability in the Linux kernel's DRM (Direct Rendering Manager) for the MSM (Mobile Station Modem) graphics driver has been addressed. The issue arose because the 'lookup_vma()' function accessed an uninitialized list of GPU virtual addresses. This problem occurred when the DRM driver did not support the 'DRIVER_GEM_GPUVA' feature, leading to a kernel paging request error. The vulnerability was triggered by enabling separate bindings of GPU and display devices, causing a level 2 translation fault and an internal kernel error.

Impact

The vulnerability caused a kernel panic by attempting to access an uninitialized memory address, leading to a data abort exception. This type of error typically causes the system to halt or crash, disrupting normal operations.

Reproduction

The vulnerability can be reproduced by loading the MSM DRM KMS driver with the 'separate_gpu_drm' module parameter set to 1. This configuration will trigger the uninitialized GPU virtual address list access, causing a kernel paging request error and a subsequent crash.

Remediation

The vulnerability has been fixed by enabling the 'DRIVER_GEM_GPUVA' feature for the MSM KMS DRM driver. Users should update to the latest version of the Linux kernel where this fix has been applied.