CVE-2023-54018

The vulnerability resides in the Linux kernel's DRM subsystem for MSM (Qualcomm Snapdragon) HDMI hardware. The function alloc_ordered_workqueue can return a NULL pointer if memory allocation fails. In the HDMI driver's HDCP and HPD paths, the return value was not checked before using the workqueue, leading to a potential NULL pointer dereference [1][2][3].

Exploitation

An attacker would need to trigger a memory allocation failure for the workqueue, possibly by exhausting system memory or through other resource starvation. The bug is reachable when the HDMI display is active and HDCP or hot-plug detection events occur. No special privileges beyond local access are required, as the driver is exposed through the kernel's DRM interface [1].

Impact

A successful exploit could cause a kernel NULL pointer dereference, leading to a denial of service (system crash or hang). In some configurations, this may also allow privilege escalation if the attacker can control the dereferenced memory, though the patch description focuses on the crash scenario [1].

Mitigation

The fix adds a proper check for the return value of alloc_ordered_workqueue and gracefully handles the failure by returning an error. The patch has been applied to the stable kernel trees [2][3]. Users should update to a kernel containing this fix (e.g., Linux 6.7 and later). As of 2025-12-24, the CVE is not listed on CISA's Known Exploited Vulnerabilities catalog.