Description

In the Linux kernel, the following vulnerability has been resolved: video/aperture: optionally match the device in sysfb_disable() In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by aperture_detach_platform_device() 3. Non-primary GPU has a VGA class and it ends up calling sysfb_disable() 4. NULL pointer dereference via sysfb_disable() since the resources have already been freed by aperture_detach_platform_device() when it was called by the other device. Fix this by passing a device pointer to sysfb_disable() and checking the device to determine if we should execute it or not. v2: Fix build when CONFIG_SCREEN_INFO is not set v3: Move device check into the mutex Drop primary variable in aperture_remove_conflicting_pci_devices() Drop __init on pci sysfb_pci_dev_is_enabled()

Weaknesses 1

Affected Products 6

References 2

• git.kernel.org https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf
  Patch
• git.kernel.org https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7
  Patch

Remediation

• git.kernel.org https://git.kernel.org/stable/c/17e78f43de0c6da34204cc858b4cc05671ea9acf
  Patch
• git.kernel.org https://git.kernel.org/stable/c/b49420d6a1aeb399e5b107fc6eb8584d0860fbd7
  Patch