CVE-2024-43902: Drm/amd/display: Null Checker Fix Resolved in Linux Kernel

A new security update designated CVE-2024-43902 has been released to fix a vulnerability in the Linux kernel, specifically in the drm/amd/display subsystem. The vulnerability could lead to null pointer dereferences, which in turn could cause a denial of service (DoS) or other unexpected behavior. This blog post details the bug and the fix and provides references to the original sources.

Exploit Details

The vulnerability originates in the drm/amd/display subsystem, which handles display output for AMD graphics drivers. Null pointer checks were missing in specific parts of the code, and the Coverity scanning tool flagged 3 NULL_RETURNS issues there. A malicious user could exploit these issues to cause a denial of service or other unintended consequences.

Code Snippet

Here is a code snippet displaying the problematic area in the Linux kernel source before the fix was applied:

static int amdgpu_dm_get_monitor_brightness(struct backlight_device *bd)
{
	struct dc_link *link = bl_get_data(bd);
	int level;

	/* link, link->ddc and link->ddc->funcs are all dereferenced unchecked */
	level = link->ddc->funcs->get_monitor_brightness(link->ddc);
	return level;
}

As seen in the code above, the link->ddc->funcs pointer is dereferenced without any validation (and so are link and link->ddc on the way to it), which may lead to a null pointer dereference in cases where link->ddc->funcs is improperly initialized or allocated.

The Fix

The resolution is a simple null check added before the pointers are passed on in the problematic area. The check ensures that an uninitialized or improperly allocated pointer is rejected with an error rather than dereferenced, which fixes the issue.

Here is the updated code snippet with the fix applied:

static int amdgpu_dm_get_monitor_brightness(struct backlight_device *bd)
{
	struct dc_link *link = bl_get_data(bd);
	int level;

	/* Reject the request if any pointer on the chain is missing */
	if (!link || !link->ddc || !link->ddc->funcs)
		return -EINVAL;

	level = link->ddc->funcs->get_monitor_brightness(link->ddc);
	return level;
}

In the fixed code above, the additional check !link || !link->ddc || !link->ddc->funcs ensures that every pointer on the chain is set before it is dereferenced, and returns -EINVAL to the caller otherwise, significantly reducing the risk of a null pointer dereference.
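The following is an added, self-contained illustration and not code from the page or from the kernel: a user-space model of the fixed routine, with stand-in struct definitions that mirror the names in the snippet, queried once with a fully wired device and once for each missing pointer on the chain. The stub types, model_get_brightness and query_brightness are assumptions made for this model.

```c
/* User-space model of the null-check fix described above.
 * The struct names mirror the page's snippet but are stand-ins, not the
 * kernel's real definitions; EINVAL comes from <errno.h>. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct ddc_funcs { int (*get_monitor_brightness)(void *ddc); };
struct ddc_service { const struct ddc_funcs *funcs; int brightness; };
struct dc_link { struct ddc_service *ddc; };
struct backlight_device { void *priv; };

/* Stand-in for the kernel's bl_get_data(): return the driver data. */
static struct dc_link *bl_get_data(struct backlight_device *bd)
{
	return bd->priv;
}

/* Constructed brightness callback, standing in for the real driver op. */
static int model_get_brightness(void *ddc)
{
	return ((struct ddc_service *)ddc)->brightness;
}

/* The fixed routine from the page: every pointer on the chain is checked
 * before it is dereferenced, and -EINVAL is returned if one is missing. */
static int amdgpu_dm_get_monitor_brightness(struct backlight_device *bd)
{
	struct dc_link *link = bl_get_data(bd);

	if (!link || !link->ddc || !link->ddc->funcs)
		return -EINVAL;
	return link->ddc->funcs->get_monitor_brightness(link->ddc);
}

/* Constructed devices: one fully wired, the others missing a pointer. */
static const struct ddc_funcs good_funcs = { model_get_brightness };
static struct ddc_service good_ddc = { &good_funcs, 42 };
static struct ddc_service no_funcs_ddc = { NULL, 0 };
static struct dc_link good_link = { &good_ddc };
static struct dc_link no_ddc_link = { NULL };
static struct dc_link no_funcs_link = { &no_funcs_ddc };

/* Wrap a link in a backlight_device and query it, as the kernel would. */
int query_brightness(struct dc_link *link)
{
	struct backlight_device bd = { link };
	return amdgpu_dm_get_monitor_brightness(&bd);
}
```

With the unfixed routine, the three broken devices would crash on the dereference instead of returning -EINVAL.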

- Fix commit in Linux kernel

Additionally, here are some resources to better understand the issue and the fix:

- Linux kernel source code
- Coverity scanning tool
- AMD graphics drivers documentation

Conclusion

CVE-2024-43902 has been resolved in the Linux kernel with the addition of a simple null check in the drm/amd/display subsystem. This fix reduces the risk of null pointer dereferences and the potential for denial of service attacks or other unintended consequences. Users are encouraged to update their Linux kernel accordingly to ensure they have the most secure and stable version available.

Timeline

Published on: 08/26/2024 11:15:04 UTC
Last modified on: 08/27/2024 14:38:51 UTC