Linux Kernel AMD Display NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's AMD display driver can lead to a NULL pointer dereference. This issue arises because the array size for links is smaller than the actual requirement, causing a mismatch that can be exploited. The vulnerability is present in the stable version of the Linux kernel.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, which can lead to a system crash or instability.

Reproduction

The vulnerability can be reproduced by initializing the hardware for a display pipeline that includes DisplayPort Interoperability Application (DPIA) links. The 'dcn401_init_hw' function in the 'dcn401_hwseq.c' file will attempt to access the link encoders for these DPIA links. However, if the link endpoint type is not recognized as a physical display endpoint, the function will skip the initialization, potentially leaving the link in a non-functional state. This behavior can be triggered by configuring the display pipeline to include non-physical DPIA links, which will result in a NULL pointer access for the link encoder.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.