In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: sii902x: Fix probing race issue
A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge:
[ 53.271356] sii902xgetedid+0x34/0x70 [sii902x] [ 53.276066] sii902xbridgegetedid+0x14/0x20 [sii902x] [ 53.281381] drmbridgegetedid+0x20/0x34 [drm] [ 53.286305] drmbridgeconnectorgetmodes+0x8c/0xcc [drmkmshelper] [ 53.292955] drmhelperprobesingleconnectormodes+0x190/0x538 [drmkmshelper] [ 53.300510] drmclientmodesetprobe+0x1f0/0xbd4 [drm] [ 53.305958] _drmfbhelperinitialconfigandunlock+0x50/0x510 [drmkmshelper] [ 53.313611] drmfbhelperinitialconfig+0x48/0x58 [drmkmshelper] [ 53.320039] drmfbdevdmaclienthotplug+0x84/0xd4 [drmdmahelper] [ 53.326401] drmclientregister+0x5c/0xa0 [drm] [ 53.331216] drmfbdevdmasetup+0xc8/0x13c [drmdmahelper] [ 53.336881] tidssprobe+0x128/0x264 [tidss] [ 53.341174] platformprobe+0x68/0xc4 [ 53.344841] reallyprobe+0x188/0x3c4 [ 53.348501] _driverprobedevice+0x7c/0x16c [ 53.352854] driverprobedevice+0x3c/0x10c [ 53.357033] _deviceattachdriver+0xbc/0x158 [ 53.361472] busforeachdrv+0x88/0xe8 [ 53.365303] _deviceattach+0xa0/0x1b4 [ 53.369135] deviceinitialprobe+0x14/0x20 [ 53.373314] busprobedevice+0xb0/0xb4 [ 53.377145] deferredprobeworkfunc+0xcc/0x124 [ 53.381757] processonework+0x1f0/0x518 [ 53.385770] workerthread+0x1e8/0x3dc [ 53.389519] kthread+0x11c/0x120 [ 53.392750] retfromfork+0x10/0x20
The issue here is as follows:
Fix this by moving the drmbridgeadd() to the end of the sii902xinit(), which is also at the very end of sii902xprobe().
{ "vanir_signatures": [ { "digest": { "line_hashes": [ "186387787977832682903572121598949488249", "118474903143583672262512702106438256017", "130003174101599648389404901884016486938", "44650164297364526522897680622234756919", "222982495111737581839631994919029121698", "17587926318342294935264152275159477287", "107554116343857637615108975529412003512", "169927200783597787598796602804826015668", "216393082677337128479756848038726299601", "8663042990405424537229844464102916704", "313698497557028828501454200358454920416", "150349569501397985032459696668675665506", "21832005832464749609204097111447792896", "245101694188912992266633823345053491213", "288350673263781273834636850952134164047", "62815617485611707382603778713148549254", "121454188614072691707100433003960489892", "159301721423135854734566455981668138995", "95558434360651512938941848811098630702", "122383391561707161827989746404421699214", "229493014996938903576179810552531947710" ], "threshold": 0.9 }, "target": { "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@08ac6f132dd77e40f786d8af51140c96c6d739c9", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-04fc3cab" }, { "digest": { "line_hashes": [ "186387787977832682903572121598949488249", "118474903143583672262512702106438256017", "130003174101599648389404901884016486938", "44650164297364526522897680622234756919", "222982495111737581839631994919029121698", "17587926318342294935264152275159477287", "107554116343857637615108975529412003512", "169927200783597787598796602804826015668", "216393082677337128479756848038726299601", "8663042990405424537229844464102916704", "313698497557028828501454200358454920416", "150349569501397985032459696668675665506", "21832005832464749609204097111447792896", "245101694188912992266633823345053491213", "288350673263781273834636850952134164047", "62815617485611707382603778713148549254", "121454188614072691707100433003960489892", "159301721423135854734566455981668138995", "95558434360651512938941848811098630702", "122383391561707161827989746404421699214", "229493014996938903576179810552531947710" ], "threshold": 0.9 }, "target": { "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56f96cf6eb11a1c2d594367c3becbfb06a855ec1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-3ba8fd2c" }, { "digest": { "length": 1547.0, "function_hash": "225579769485797703115472622239797475389" }, "target": { "function": "sii902x_init", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0f83c234ea7a3dec1f84e5d02caa1c51664a076", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-47e132b6" }, { "digest": { "length": 1547.0, "function_hash": "225579769485797703115472622239797475389" }, "target": { "function": "sii902x_init", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@08ac6f132dd77e40f786d8af51140c96c6d739c9", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-591f106c" }, { "digest": { "line_hashes": [ "186387787977832682903572121598949488249", "118474903143583672262512702106438256017", "130003174101599648389404901884016486938", "44650164297364526522897680622234756919", "222982495111737581839631994919029121698", "17587926318342294935264152275159477287", "107554116343857637615108975529412003512", "169927200783597787598796602804826015668", "216393082677337128479756848038726299601", "8663042990405424537229844464102916704", "313698497557028828501454200358454920416", "150349569501397985032459696668675665506", "163530883467623927007397764196668271479", "329801896985653439119636538929857327856", "288350673263781273834636850952134164047", "62815617485611707382603778713148549254", "121454188614072691707100433003960489892", "159301721423135854734566455981668138995", "95558434360651512938941848811098630702", "122383391561707161827989746404421699214", "229493014996938903576179810552531947710" ], "threshold": 0.9 }, "target": { "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0f83c234ea7a3dec1f84e5d02caa1c51664a076", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-7073f99a" }, { "digest": { "line_hashes": [ "186387787977832682903572121598949488249", "118474903143583672262512702106438256017", "130003174101599648389404901884016486938", "44650164297364526522897680622234756919", "222982495111737581839631994919029121698", "17587926318342294935264152275159477287", "107554116343857637615108975529412003512", "169927200783597787598796602804826015668", "216393082677337128479756848038726299601", "8663042990405424537229844464102916704", "313698497557028828501454200358454920416", "150349569501397985032459696668675665506", "21832005832464749609204097111447792896", "245101694188912992266633823345053491213", "288350673263781273834636850952134164047", "62815617485611707382603778713148549254", "121454188614072691707100433003960489892", "159301721423135854734566455981668138995", "95558434360651512938941848811098630702", "122383391561707161827989746404421699214", "229493014996938903576179810552531947710" ], "threshold": 0.9 }, "target": { "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a4c6af7934a7b4c304542c38fee35e09cc1770c", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-73b3c10a" }, { "digest": { "length": 138.0, "function_hash": "29176163798716837368764648116922131734" }, "target": { "function": "sii902x_remove", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@e0f83c234ea7a3dec1f84e5d02caa1c51664a076", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-abeb0d08" }, { "digest": { "length": 138.0, "function_hash": "29176163798716837368764648116922131734" }, "target": { "function": "sii902x_remove", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@08ac6f132dd77e40f786d8af51140c96c6d739c9", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-b6a586e9" }, { "digest": { "length": 138.0, "function_hash": "29176163798716837368764648116922131734" }, "target": { "function": "sii902x_remove", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56f96cf6eb11a1c2d594367c3becbfb06a855ec1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-c81986c9" }, { "digest": { "length": 138.0, "function_hash": "29176163798716837368764648116922131734" }, "target": { "function": "sii902x_remove", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a4c6af7934a7b4c304542c38fee35e09cc1770c", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-cc6a9c24" }, { "digest": { "length": 1547.0, "function_hash": "225579769485797703115472622239797475389" }, "target": { "function": "sii902x_init", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@56f96cf6eb11a1c2d594367c3becbfb06a855ec1", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-d0695447" }, { "digest": { "length": 1547.0, "function_hash": "225579769485797703115472622239797475389" }, "target": { "function": "sii902x_init", "file": "drivers/gpu/drm/bridge/sii902x.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@2a4c6af7934a7b4c304542c38fee35e09cc1770c", "deprecated": false, "signature_version": "v1", "id": "CVE-2024-26607-efec59f3" } ] }