Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
drm: bridge: dw_hdmi: fix connector access for scdc
Commit 5d844091f237 (“drm/scdc-helper: Pimp SCDC debugs”) changed the scdc interface to pick up an i2c adapter from a connector instead. However, in the case of dw-hdmi, the wrong connector was being used to pass i2c adapter information, since dw-hdmi’s embedded connector structure is only populated when the bridge attachment callback explicitly asks for it.
drm-meson is handling connector creation, so this won’t happen, leading to a NULL pointer dereference.
Fix it by having scdc functions access dw-hdmi’s current connector pointer instead, which is assigned during the bridge enablement stage.
[narmstrong: moved Fixes tag before first S-o-b and added Reported-by tag]
Details
- Affected product:
- AlmaLinux 9.2 ESU , TuxCare 9.6 ESU
- Affected packages:
- kernel @ 5.14.0 (+1 more)
In the Linux kernel, the following vulnerability has been resolved:
drm: bridge: dw_hdmi: fix connector access for scdc
Commit 5d844091f237 (“drm/scdc-helper: Pimp SCDC debugs”) changed the scdc interface to pick up an i2c adapter from a connector instead. However, in the case of dw-hdmi, the wrong connector was being used to pass i2c adapter information, since dw-hdmi’s embedded connector structure is only populated when the bridge attachment callback explicitly asks for it.
drm-meson is handling connector creation, so this won’t happen, leading to a NULL pointer dereference.
Fix it by having scdc functions access dw-hdmi’s current connector pointer instead, which is assigned during the bridge enablement stage.
[narmstrong: moved Fixes tag before first S-o-b and added Reported-by tag]