CVE-2024-53056 Information

Description

In the Linux kernel the following vulnerability has been resolved:

drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy()

In mtk_crtc_create() if the call to mbox_request_channel() fails then we set the \mtk_crtc->cmdq_client.chan\ pointer to NULL. In that situation we do not call cmdq_pkt_create().

During the cleanup we need to check if the \mtk_crtc->cmdq_client.chan\nis NULL first before calling cmdq_pkt_destroy(). Calling cmdq_pkt_destroy() is unnecessary if we didn’t call cmdq_pkt_create() and it will result in a NULL pointer dereference.

Reference

https://git.kernel.org/stable/c/c60583a87cb4a85b69d1f448f0be5eb6ec62cbb2 https://git.kernel.org/stable/c/4018651ba5c409034149f297d3dd3328b91561fd