CVE-2024-49901

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58

Description: The issue arises from the Linux kernel's handling of GPU device initialization, specifically in the drm/msm/adreno component. In certain cases, such as when speedbin data is present in the catalog but opp-supported-hw is missing in the device tree, the msm gpu cleanup() function is called with gpu->pdev equal to NULL. This occurs because the GPU device has not been fully initialized. Assigning msm gpu->pdev earlier is considered the least painful solution to avoid nullptr dereferences.

Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider modifying the kernel code to assign msm gpu->pdev earlier in the initialization process to avoid nullptr dereferences. Restrict access to the vulnerable drm/msm/adreno component to minimize the risk of exploitation until the issue is resolved.