git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Siyang Liu <Security@tencent.com>
	Fri, 4 Jul 2025 03:16:22 +0000 (11:16 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 28 Aug 2025 14:34:31 +0000 (16:34 +0200)
commit	4ade995b9b25b3c6e8dc42c27070340f1358d8c8
tree	ed688771646bfa56f64157d35bfe61e84b96956d	tree \| snapshot
parent	1ed73a5d8aaa7298501976bb67b124423344e801	commit \| diff

drm/amd/display: fix a Null pointer dereference vulnerability

commit 1bcf63a44381691d6192872801f830ce3250e367 upstream.

[Why]
A null pointer dereference vulnerability exists in the AMD display driver's
(DC module) cleanup function dc_destruct().
When display control context (dc->ctx) construction fails
(due to memory allocation failure), this pointer remains NULL.
During subsequent error handling when dc_destruct() is called,
there's no NULL check before dereferencing the perf_trace member
(dc->ctx->perf_trace), causing a kernel null pointer dereference crash.

[How]
Check if dc->ctx is non-NULL before dereferencing.

Link: https://lore.kernel.org/r/tencent_54FF4252EDFB6533090A491A25EEF3EDBF06@qq.com
Co-developed-by: Mario Limonciello <mario.limonciello@amd.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
(Updated commit text and removed unnecessary error message)
Signed-off-by: Siyang Liu <Security@tencent.com>
Signed-off-by: Roman Li <roman.li@amd.com>
Reviewed-by: Alex Hung <alex.hung@amd.com>
Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
(cherry picked from commit 9dd8e2ba268c636c240a918e0a31e6feaee19404)
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>