CVE-2022-50878

Vulnerability

In the Linux kernel, a NULL pointer dereference vulnerability exists in the lt9611_connector_init() function of the Lontium LT9611 GPU driver. The root cause is that the code dereferences bridge->encoder at line 810 via drm_connector_attach_encoder(), but only checks for a NULL value at line 812. This means if bridge->encoder is NULL, the driver will crash before the check is reached [1][2].

Exploitation

An attacker would need to trigger the initialization of the LT9611 connector in a context where the bridge encoder has not been properly set. This could occur on systems using the LT9611 bridge chip, possibly through hot-plug events or driver binding sequences that leave the encoder pointer uninitialized. No special privileges are required beyond local access to trigger the driver path, but the attack surface is limited to systems with the affected hardware.

Impact

Successful exploitation leads to a kernel NULL pointer dereference, resulting in a system crash (denial of service). The vulnerability does not appear to allow privilege escalation or arbitrary code execution based on the available information.

Mitigation

The fix has been applied in the Linux kernel stable tree. Users should update to a kernel version containing the commit that moves the NULL check before the dereference. No workaround is documented, but ensuring the bridge encoder is always initialized before connector before initialization can prevent the issue.