Unchecked kstrdup in drm_load_edid_firmware leading to potential NULL pointer dereference and system crash

Unchecked kstrdup in drm_load_edid_firmware leading to potential NULL pointer dereference and system crash

CVE-2019-12382 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:N/A:C

An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.