CVE-2023-53837

Vulnerability

Overview

In the Linux kernel's MSM DRM subsystem, a NULL-pointer dereference bug exists in the deinitialization path of the display controller. The issue occurs when the kms pointer is already NULL due to early initialization errors or on platforms that do not use the DPU controller. The deinitialization code does not properly check for this condition before dereferencing the pointer, leading to a potential system crash [1][2].

Exploitation

Context

The vulnerability can be triggered during driver shutdown or error cleanup paths. No special privileges or user interaction are required, as the bug manifests during normal driver lifecycle operations. Attackers with local access or the ability to trigger device removal or driver unbind operations could potentially exploit this to cause a denial-of-service condition [1].

Impact

Successful exploitation leads to a system crash (oops) due to dereferencing a NULL pointer. This can result in a denial of service, making the system unavailable. The vulnerability does not appear to allow privilege escalation or arbitrary code execution based on the available description [1][2].

Mitigation

The fix has been applied in the Linux kernel stable trees, as referenced in the commit that adds a NULL check before the kms pointer is used during tear down. Users are advised to update their kernels to include this patch. No workaround exists other than applying the kernel update [1][2].