Linux Kernel NULL Pointer Dereference Vulnerability in DRM Shadow Plane Reset

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) subsystem can lead to a NULL pointer dereference. This issue occurs in the 'drm_gem_reset_shadow_plane' function, where the plane state can be NULL. The vulnerability has been addressed by modifying the function to check for a NULL plane state and forward it appropriately to other plane-reset helpers, ensuring that the plane state is cleared to NULL. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by invoking the '__drm_gem_reset_shadow_plane' function with a NULL shadow plane state. This can be done in a scenario where the plane state is not properly initialized or is cleared to NULL before the function call, such as during certain graphics operations that involve plane state management.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.