A vulnerability in the Linux kernel has been identified and resolved. This critical security issue is related to the drm/i915/bios code module and specifically impacts the function intel_bios_encoder_supports_dp_dual_mode(). The vulnerability could have allowed a null pointer dereference, leading to a possible kernel panic or, in severe cases, a complete system crash.

Exploit Details

The vulnerability comes into play when the Linux kernel doesn't have a Video BIOS Table (VBT) or the VBT doesn't declare the encoder being queried. In such scenarios, the 'devdata' parameter for the encoder will be uninitialized (NULL), and attempting to access it would lead to an out-of-bounds memory issue.

To address this potential security risk, the fix implemented is to check if the 'devdata' is actually NULL before trying to access it. If it is found to be NULL, the function then returns immediately, thus avoiding any potential memory access errors.

The following code snippet demonstrates the changes made to resolve this vulnerability

bool intel_bios_encoder_supports_dp_dual_mode(struct drm_connector *connector)
{
   ...
   struct intel_encoder *intel_encoder = NULL;
   ...
   devdata = intel_encoder->devdata;
   if (!devdata) {
       DRM_DEBUG_KMS("No devdata for connector %d\n", connector->index);
       return false;
   }
   ...
}

The lines of code added for this fix can be seen in the 'if' statement checking for '!devdata'. If devdata==NULL, the function logs a message to the kernel log (via DRM_DEBUG_KMS macro) and then promptly returns 'false'.

The cherry-picked commit that contained the fix can be found at: 26410896206342c8a80d2b027923e9ee7d33b733

Original References

To learn more about the Linux kernel's drm/i915/bios module and the associated vulnerability, you can refer to these official documentation sources:

1. Linux kernel documentation: A comprehensive overview of the Intel graphics driver, including the drm/i915/bios module.
2. intel_bios_encoder_supports_dp_dual_mode() function description: The function in question along with its source code and relevant comments.
3. CVE-2024-26938 in the National Vulnerability Database: The official entry for this vulnerability, assigned CVE ID CVE-2024-26938, in the National Vulnerability Database.

Conclusion

The resolution of this vulnerability demonstrates the ongoing commitment of the Linux kernel development community to maintain high security standards and ensure system stability. By addressing this issue, users can feel more confident in the platform's resilience against potential attacks and maintain a secure computing environment.

Timeline

Published on: 05/01/2024 06:15:09 UTC
Last modified on: 11/21/2024 09:03:25 UTC