CVE-2023-53851

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/msm/dp: Drop aux devices together with DP controller<br /> <br /> Using devres to depopulate the aux bus made sure that upon a probe<br /> deferral the EDP panel device would be destroyed and recreated upon next<br /> attempt.<br /> <br /> But the struct device which the devres is tied to is the DPUs<br /> (drm_dev-&gt;dev), which may be happen after the DP controller is torn<br /> down.<br /> <br /> Indications of this can be seen in the commonly seen EDID-hexdump full<br /> of zeros in the log, or the occasional/rare KASAN fault where the<br /> panel&amp;#39;s attempt to read the EDID information causes a use after free on<br /> DP resources.<br /> <br /> It&amp;#39;s tempting to move the devres to the DP controller&amp;#39;s struct device,<br /> but the resources used by the device(s) on the aux bus are explicitly<br /> torn down in the error path. The KASAN-reported use-after-free also<br /> remains, as the DP aux "module" explicitly frees its devres-allocated<br /> memory in this code path.<br /> <br /> As such, explicitly depopulate the aux bus in the error path, and in the<br /> component unbind path, to avoid these issues.<br /> <br /> Patchwork: https://patchwork.freedesktop.org/patch/542163/