A new vulnerability, identified as CVE-2024-56777, has surfaced in the Linux kernel. The flaw affects the Direct Rendering Manager (DRM) subsystem, specifically the drm/sti display driver. To help you understand the vulnerability and apply the fix, this post gives a brief overview of the issue, the relevant code before and after the patch, links to the original references, and exploit details.

Vulnerability Summary

The vulnerability exists in the DRM subsystem of the Linux kernel, in the sti_gdp_atomic_check function. The function uses the return value of drm_atomic_get_crtc_state() without checking it. On failure that function returns an error pointer (an encoded negative errno, not NULL), so the subsequent use of crtc_state dereferences an error pointer.

Original References

The original patch for the issue can be found at the Linux kernel mailing list: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check

The CVE reference for the vulnerability is as follows: CVE-2024-56777

Code Snippet

Before the patch was applied, the code in the sti_gdp_atomic_check function did not check for error pointers, as seen below:

static int sti_gdp_atomic_check(struct drm_plane *drm_plane,
				  struct drm_plane_state *state)
{
	struct drm_crtc_state *crtc_state;
	int err;

	/* a plane that is not attached to a CRTC needs no check */
	if (!state->crtc)
		return 0;

	WARN_ON(!state->state);

	crtc_state = drm_atomic_get_crtc_state(state->state, state->crtc);
	/* missed error pointer check was here */

	/* crtc_state is dereferenced here even when it is an error pointer */
	err = sti_gdp_check_scaling(state, crtc_state);
	if (err)
		return err;

	return 0;
}

After the patch, the return value of drm_atomic_get_crtc_state() is tested with IS_ERR() and the encoded errno is propagated with PTR_ERR() before crtc_state is used:

static int sti_gdp_atomic_check(struct drm_plane *drm_plane,
				  struct drm_plane_state *state)
{
	struct drm_crtc_state *crtc_state;
	int err;

	if (!state->crtc)
		return 0;

	WARN_ON(!state->state);

	crtc_state = drm_atomic_get_crtc_state(state->state, state->crtc);
	if (IS_ERR(crtc_state))
		return PTR_ERR(crtc_state); /* error pointer check added */

	err = sti_gdp_check_scaling(state, crtc_state);
	if (err)
		return err;

	return 0;
}
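The kernel's error-pointer convention is what makes this bug possible: a failed lookup returns a pointer whose value is a negative errno, which is non-NULL and so passes any NULL check. The following user-space program is an added example, not code from the drm/sti driver or from the patch. It reimplements ERR_PTR/IS_ERR/PTR_ERR with the kernel's MAX_ERRNO of 4095 and models the two shapes of the function above with stand-in names (get_crtc_state, check_scaling, atomic_check_fixed, unpatched_would_deref_err, and the struct layouts are all assumptions made for the demonstration). The unpatched path is instrumented to report that it would have dereferenced an error pointer rather than actually doing so.

```c
/* Added example: a user-space model of the kernel's ERR_PTR convention.
 * Not code from the drm/sti driver; all names below are stand-ins. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Kernel convention: the top MAX_ERRNO addresses encode -errno values. */
#define MAX_ERRNO 4095

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline bool IS_ERR(const void *ptr)
{
	return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}

/* Assumed, simplified stand-ins for drm_crtc_state / drm_plane_state. */
struct crtc_state { int mode_w, mode_h; };
struct plane_state { bool has_crtc; int src_w, src_h; };

/* Stand-in for drm_atomic_get_crtc_state(): fails with -ENOMEM on request.
 * Note the failure value is non-NULL, so a NULL check would not catch it. */
static struct crtc_state *get_crtc_state(bool fail)
{
	static struct crtc_state cs = { .mode_w = 1920, .mode_h = 1080 };
	return fail ? ERR_PTR(-ENOMEM) : &cs;
}

/* Stand-in for sti_gdp_check_scaling(): dereferences crtc_state. */
static int check_scaling(const struct plane_state *ps,
			 const struct crtc_state *cs)
{
	return (ps->src_w > cs->mode_w || ps->src_h > cs->mode_h) ? -EINVAL : 0;
}

/* Patched shape: reject the error pointer before anything dereferences it. */
static int atomic_check_fixed(const struct plane_state *ps, bool fail)
{
	struct crtc_state *cs;

	if (!ps->has_crtc)
		return 0;
	cs = get_crtc_state(fail);
	if (IS_ERR(cs))
		return (int)PTR_ERR(cs);	/* propagate -ENOMEM */
	return check_scaling(ps, cs);
}

/* Unpatched shape, instrumented: returns 1 where the original code would
 * have passed an error pointer straight into check_scaling(). */
static int unpatched_would_deref_err(const struct plane_state *ps, bool fail)
{
	struct crtc_state *cs;

	if (!ps->has_crtc)
		return 0;
	cs = get_crtc_state(fail);
	/* original code called check_scaling(ps, cs) here unconditionally */
	return IS_ERR(cs) ? 1 : 0;
}

int main(void)
{
	struct plane_state ps = { .has_crtc = true, .src_w = 1280, .src_h = 720 };

	printf("fixed, lookup ok:   %d\n", atomic_check_fixed(&ps, false));
	printf("fixed, lookup fail: %d (-ENOMEM)\n", atomic_check_fixed(&ps, true));
	printf("unpatched would dereference error pointer: %d\n",
	       unpatched_would_deref_err(&ps, true));
	return 0;
}
```

Compile with a plain `cc -Wall` and run; the fixed path returns -ENOMEM on the failed lookup while the instrumented unpatched path reports that it would have used the bad pointer. The same IS_ERR()-before-use pattern applies to every kernel API documented as returning an error pointer.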

Exploit Details

To exploit this vulnerability, an attacker would need to cause drm_atomic_get_crtc_state() to return an error pointer. This could be done from a maliciously crafted Direct Rendering Infrastructure (DRI) client that interacts with the vulnerable DRM subsystem. Successful exploitation may lead to denial of service (DoS) and possibly further memory corruption, depending on the kernel's memory layout.

Conclusion

CVE-2024-56777 is a critical vulnerability in the Linux kernel affecting the Direct Rendering Manager subsystem. The patch provided by the kernel maintainers checks for the error pointer before it is used, eliminating the vulnerability. To safeguard your Linux systems, apply this patch and keep your kernel up to date, and monitor regularly for new vulnerabilities and updates.

Timeline

Published on: 01/08/2025 18:15:18 UTC
Last modified on: 01/09/2025 21:43:37 UTC