Linux Kernel NULL Pointer Dereference Vulnerability in AMD DCN401 Display Handling

A NULL pointer dereference vulnerability has been identified in the Linux kernel's handling of AMD graphics in the DCN401 display sequence. The issue arises in the 'dcn401_init_hw()' function, which incorrectly assumes that the 'update_bw_bounding_box()' callback is valid before it is called. The existing condition can allow the 'freq_changed' branch to evaluate as true, independent of whether the callback pointer is valid, leading to a dereference of a NULL pointer. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the kernel.

Reproduction

The vulnerability can be reproduced by invoking the 'dcn401_init_hw()' function in a context where the 'update_bw_bounding_box()' callback is not set, but the 'freq_changed' condition is true. This scenario will trigger the NULL pointer dereference by calling the callback when it is NULL, causing a crash.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.