Hsin-Yi Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer crash has been fixed in the Linux kernel, specifically in the `drm/mediatek` module, related to the `mtk drm crtc finish page flip` function. The issue occurs when `mtk crtc->event` is NULL, causing a race condition between `mtk drm crtc atomic flush` and `mtk drm finish page flip`. This happens because `pending needs vblank` value is set by `mtk crtc->event`, but in `mtk drm crtc atomic flush`, it's not guarded by the same lock as in `mtk drm finish page flip`. The problem can be efficiently resolved by checking if `mtk crtc->event` is null before use. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the version containing the commit b34ea31fe013 **Description** A vulnerability in the Linux kernel has been resolved. The issue was related to the iommu clock control in the mtk iommu remove function. After a specific commit, the iommu clock is controlled by the runtime callback, thus removing the need for clk control in the mtk iommu remove function. Without this fix, a warning would occur when unbinding the mtk-iommu driver, resulting in a call trace and a warning message indicating that the vpp0 smi iommu is already disabled. **Recommendations** For Linux kernel versions prior to the version containing the commit b34ea31fe013, update to a version that includes this commit to resolve the issue. As a temporary workaround, consider avoiding the removal of the mtk-iommu driver to prevent the warning message.