CVE-2021-47108

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to a NULL pointer dereference in the mediatek component of the Linux kernel, specifically in the mtk hdmi bridge mode valid() function. This occurs when a HDMI cable is plugged in and the kernel attempts to access the mtk hdmi conf structure, which is not provided by MT8173, leading to a kernel crash. The problem was introduced by commits that added checks for CEA modes and maximal HDMI mode clock. To fix this regression, a NULL pointer check for hdmi->conf needs to be added to the mtk hdmi bridge mode valid() function to restore HDMI functionality and prevent NULL pointer kernel panics.

Recommendations To resolve the issue, add a NULL pointer check for hdmi->conf in the mtk hdmi bridge mode valid() function. This will restore HDMI functionality and avoid NULL pointer kernel panics. As a temporary workaround, consider disabling the mtk hdmi bridge mode valid() function until a patch is available. Restrict access to the vulnerable drm/mediatek module to minimize the risk of exploitation. Avoid using the hdmi->conf structure in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.