CVE-2026-31562

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register<br /> <br /> The call to mipi_dsi_host_register triggers a callback to mtk_dsi_bind,<br /> which uses dev_get_drvdata to retrieve the mtk_dsi struct, so this<br /> structure needs to be stored inside the driver data before invoking it.<br /> <br /> As drvdata is currently uninitialized it leads to a crash when<br /> registering the DSI DRM encoder right after acquiring<br /> the mode_config.idr_mutex, blocking all subsequent DRM operations.<br /> <br /> Fixes the following crash during mediatek-drm probe (tested on Xiaomi<br /> Smart Clock x04g):<br /> <br /> Unable to handle kernel NULL pointer dereference at virtual address<br /> 0000000000000040<br /> [...]<br /> Modules linked in: mediatek_drm(+) drm_display_helper cec drm_client_lib<br /> drm_dma_helper drm_kms_helper panel_simple<br /> [...]<br /> Call trace:<br /> drm_mode_object_add+0x58/0x98 (P)<br /> __drm_encoder_init+0x48/0x140<br /> drm_encoder_init+0x6c/0xa0<br /> drm_simple_encoder_init+0x20/0x34 [drm_kms_helper]<br /> mtk_dsi_bind+0x34/0x13c [mediatek_drm]<br /> component_bind_all+0x120/0x280<br /> mtk_drm_bind+0x284/0x67c [mediatek_drm]<br /> try_to_bring_up_aggregate_device+0x23c/0x320<br /> __component_add+0xa4/0x198<br /> component_add+0x14/0x20<br /> mtk_dsi_host_attach+0x78/0x100 [mediatek_drm]<br /> mipi_dsi_attach+0x2c/0x50<br /> panel_simple_dsi_probe+0x4c/0x9c [panel_simple]<br /> mipi_dsi_drv_probe+0x1c/0x28<br /> really_probe+0xc0/0x3dc<br /> __driver_probe_device+0x80/0x160<br /> driver_probe_device+0x40/0x120<br /> __device_attach_driver+0xbc/0x17c<br /> bus_for_each_drv+0x88/0xf0<br /> __device_attach+0x9c/0x1cc<br /> device_initial_probe+0x54/0x60<br /> bus_probe_device+0x34/0xa0<br /> device_add+0x5b0/0x800<br /> mipi_dsi_device_register_full+0xdc/0x16c<br /> mipi_dsi_host_register+0xc4/0x17c<br /> mtk_dsi_probe+0x10c/0x260 [mediatek_drm]<br /> platform_probe+0x5c/0xa4<br /> really_probe+0xc0/0x3dc<br /> __driver_probe_device+0x80/0x160<br /> driver_probe_device+0x40/0x120<br /> __driver_attach+0xc8/0x1f8<br /> bus_for_each_dev+0x7c/0xe0<br /> driver_attach+0x24/0x30<br /> bus_add_driver+0x11c/0x240<br /> driver_register+0x68/0x130<br /> __platform_register_drivers+0x64/0x160<br /> mtk_drm_init+0x24/0x1000 [mediatek_drm]<br /> do_one_initcall+0x60/0x1d0<br /> do_init_module+0x54/0x240<br /> load_module+0x1838/0x1dc0<br /> init_module_from_file+0xd8/0xf0<br /> __arm64_sys_finit_module+0x1b4/0x428<br /> invoke_syscall.constprop.0+0x48/0xc8<br /> do_el0_svc+0x3c/0xb8<br /> el0_svc+0x34/0xe8<br /> el0t_64_sync_handler+0xa0/0xe4<br /> el0t_64_sync+0x198/0x19c<br /> Code: 52800022 941004ab 2a0003f3 37f80040 (29005a80)