
Cloud Vulnerability DB
A community-led vulnerabilities database
In the Linux kernel, a vulnerability was discovered in the DRM (Direct Rendering Manager) framebuffer DMA driver. The issue was introduced by commit 5a498d4d06d6, which initializes deferred I/O only if it is used. However, drm_fbdev_dma_fb_destroy() unconditionally calls fb_deferred_io_cleanup() with struct fb_info.fbdefio set to NULL (Kernel Git). This vulnerability affects Linux kernel versions from 6.11 up to (excluding) 6.11.4, as well as versions 6.12-rc1 and 6.12-rc2 (NVD).
With KASAN (Kernel Address Sanitizer) and the out-of-tree Apple silicon display driver, the bug shows up as a warning from __flush_work() on a random struct work_struct instead of the expected NULL pointer dereferences. The issue occurs in the drm_fbdev_dma_fb_destroy() function, where fb_deferred_io_cleanup() is called unconditionally without checking whether fbdefio is initialized. The CVSS v3.1 base score is 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).
The vulnerability can lead to system instability and potential crashes when the DRM framebuffer DMA driver is in use, particularly affecting systems using the Apple silicon display driver. The issue specifically impacts the cleanup process of deferred I/O operations in the framebuffer subsystem (NVD).
The vulnerability has been patched by adding a check for info->fbdefio before calling fb_deferred_io_cleanup() in the drm_fbdev_dma_fb_destroy() function. Users should upgrade to Linux kernel version 6.11.4 or later, or apply the patch that fixes this issue (Kernel Git).
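To triage hosts against the affected ranges quoted above, the following added example (not part of the original advisory or the kernel project) classifies a `uname -r` style release string. The function names and sample strings are constructed for illustration; the result is a heuristic, because distribution kernels can carry backported fixes without changing the upstream version number.

```python
import re

# Affected ranges as stated on this page (NVD):
#   6.11 <= version < 6.11.4, plus the pre-releases 6.12-rc1 and 6.12-rc2.
FIRST_AFFECTED = (6, 11, 0)
FIXED_STABLE = (6, 11, 4)
AFFECTED_RC_SERIES = (6, 12, 0)
AFFECTED_RCS = {1, 2}

# Matches "6.11.3", "6.12-rc1", "6.12.0-rc2+", "6.11.3-arch1-1", ...
_RELEASE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?")


def parse_release(release):
    """Return ((major, minor, patch), rc); rc is None for a final release."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    version = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    rc = int(m.group(4)) if m.group(4) else None
    return version, rc


def is_affected(release):
    """True if the upstream version falls in a range this page lists as affected."""
    version, rc = parse_release(release)
    if rc is not None:
        # Only the 6.12-rc1 and 6.12-rc2 pre-releases are listed on this page.
        return version == AFFECTED_RC_SERIES and rc in AFFECTED_RCS
    return FIRST_AFFECTED <= version < FIXED_STABLE


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for sample in ("6.10.14", "6.11.0", "6.11.3-arch1-1", "6.11.4",
                   "6.12-rc1", "6.12.0-rc2+", "6.12.0-rc3", "6.12.1"):
        state = "AFFECTED" if is_affected(sample) else "not listed"
        print(f"{sample:18} {state}")
```

A host flagged here still needs confirmation against the vendor's changelog for the info->fbdefio check before it is treated as vulnerable.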
Source: This report was generated using AI