Linux Kernel NULL Pointer Dereference Vulnerability in DRM/TTM Component

Vulnerability

A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) component, specifically within the Translation Table Mapping (TTM) subsystem, has been addressed. The vulnerability could lead to a NULL pointer dereference for buffer objects (BOs) that have been evicted and are not currently linked to a resource. When devcoredump attempts to read the contents of all BOs for a memory dump, it must account for this possibility. With the fix, the absence of data is noted for such a BO instead of the actual buffer contents; without that check, the read could lead to unexpected behavior or crashes.

Impact

Exploitation of this vulnerability could cause a system crash due to a NULL pointer dereference, disrupting normal operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by creating a buffer object in the DRM/TTM subsystem and then evicting it, so it is no longer associated with a resource. When 'devcoredump' is executed, it will attempt to read the contents of all buffer objects. The evicted buffer object will cause a NULL pointer dereference, as the system does not expect a buffer to be unlinked from a resource.
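
The check described above, as an added userspace model in C (not kernel code and not the upstream patch). All struct and function names are hypothetical, and the use of -ENODATA as the "no data" marker is an assumption of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only: every name here is hypothetical, not a kernel symbol. */
struct model_resource { const unsigned char *data; size_t size; };
struct model_bo { const char *name; const struct model_resource *res; /* NULL while evicted */ };
struct dump_stats { size_t dumped, no_data, bytes; };

/* Copy one BO into out. Returns bytes copied, or -ENODATA when the BO has no
 * resource. Without the first check, bo->res->size faults on an evicted BO. */
static long dump_bo(const struct model_bo *bo, unsigned char *out, size_t cap)
{
    if (!bo->res || !bo->res->data)
        return -ENODATA;            /* note "no data", never touch res */
    size_t n = bo->res->size < cap ? bo->res->size : cap;
    memcpy(out, bo->res->data, n);
    return (long)n;
}

/* Walk every BO as a dump pass would; an evicted BO is counted and skipped. */
static struct dump_stats dump_all(const struct model_bo *bos, size_t count)
{
    struct dump_stats st = {0, 0, 0};
    unsigned char buf[64];
    for (size_t i = 0; i < count; i++) {
        long r = dump_bo(&bos[i], buf, sizeof buf);
        if (r < 0) { st.no_data++; continue; }
        st.dumped++;
        st.bytes += (size_t)r;
    }
    return st;
}

/* Constructed sample: two resident BOs and one evicted BO. */
static struct dump_stats demo(void)
{
    static const unsigned char a[] = {1, 2, 3, 4}, b[] = {9, 8, 7, 6, 5, 4};
    static const struct model_resource ra = {a, sizeof a}, rb = {b, sizeof b};
    const struct model_bo bos[] = { {"ring", &ra}, {"evicted", NULL}, {"fence", &rb} };
    return dump_all(bos, sizeof bos / sizeof bos[0]);
}

int main(void)
{
    struct dump_stats s = demo();
    printf("dumped=%zu no_data=%zu bytes=%zu\n", s.dumped, s.no_data, s.bytes);
    return 0;
}
```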

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Jan 13, 2026, 4:51 PM
Updated: Jan 13, 2026, 4:51 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.