CVE-2021-47108: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf In commit 41ca9caaae0b ("drm/mediatek: hdmi: Add check for CEA modes only") a check for CEA modes was added to function mtk_hdmi_bridge_mode_valid() in order to address possible issues on MT8167; moreover, with commit c91026a938c2 ("drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock") another similar check was introduced. Unfortunately though, at the time of writing, MT8173 does not provide any mtk_hdmi_conf structure and this is crashing the kernel with NULL pointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as soon as a HDMI cable gets plugged in. To fix this regression, add a NULL pointer check for hdmi->conf in the said function, restoring HDMI functionality and avoiding NULL pointer kernel panics.
AI Analysis
Technical Summary
CVE-2021-47108 is a vulnerability identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically affecting the MediaTek HDMI driver. The issue arises in the function mtk_hdmi_bridge_mode_valid(), which is responsible for validating HDMI display modes. Recent commits introduced checks for CEA (Consumer Electronics Association) modes and limits on the maximal HDMI mode clock to address issues on certain MediaTek platforms such as MT8167. However, the MT8173 platform does not provide the mtk_hdmi_conf structure, which is expected by the function. As a result, when an HDMI cable is plugged in, the function attempts to dereference a NULL pointer (hdmi->conf), causing a kernel panic and system crash. This is a regression introduced by the new checks without proper NULL pointer validation. The fix involves adding a NULL pointer check for hdmi->conf in mtk_hdmi_bridge_mode_valid(), preventing the kernel panic and restoring HDMI functionality on affected devices. This vulnerability is specific to certain MediaTek platforms running Linux kernels containing the problematic commits. There are no known exploits in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations using Linux-based systems on MediaTek hardware platforms such as MT8173, this vulnerability can lead to system instability and denial of service (DoS) conditions triggered by simply connecting an HDMI cable. This could affect devices in embedded systems, industrial control, or consumer electronics that rely on Linux with MediaTek chipsets. The kernel panic caused by the NULL pointer dereference results in a complete system crash, impacting availability. While confidentiality and integrity are not directly compromised, the disruption of service can affect operational continuity, especially in environments where uptime is critical. Organizations deploying Linux on MediaTek platforms in kiosks, digital signage, or IoT devices may experience unexpected reboots or failures, potentially leading to operational disruptions or increased maintenance costs. Given the specificity of the hardware and driver involved, the impact is limited to affected platforms but can be significant in those contexts.
Mitigation Recommendations
Organizations should ensure that Linux kernel versions deployed on MediaTek MT8173 platforms include the patch that adds the NULL pointer check in mtk_hdmi_bridge_mode_valid(). This requires updating to a kernel version that contains the fix or applying the patch manually if using custom kernels. It is critical to verify the kernel source and commits to confirm the presence of the fix. Additionally, system integrators should test HDMI functionality after kernel updates to detect any regressions. For embedded or industrial devices, implementing watchdog timers can help recover from unexpected kernel panics. Monitoring kernel logs for HDMI-related errors can provide early warning signs. Where possible, restrict physical access to HDMI ports to prevent accidental triggering of the vulnerability. Finally, maintain close coordination with Linux kernel maintainers and MediaTek vendors for timely updates and advisories.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
CVE-2021-47108: Vulnerability in Linux Linux
Description
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf In commit 41ca9caaae0b ("drm/mediatek: hdmi: Add check for CEA modes only") a check for CEA modes was added to function mtk_hdmi_bridge_mode_valid() in order to address possible issues on MT8167; moreover, with commit c91026a938c2 ("drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock") another similar check was introduced. Unfortunately though, at the time of writing, MT8173 does not provide any mtk_hdmi_conf structure and this is crashing the kernel with NULL pointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as soon as a HDMI cable gets plugged in. To fix this regression, add a NULL pointer check for hdmi->conf in the said function, restoring HDMI functionality and avoiding NULL pointer kernel panics.
AI-Powered Analysis
Technical Analysis
CVE-2021-47108 is a vulnerability identified in the Linux kernel's Direct Rendering Manager (DRM) subsystem, specifically affecting the MediaTek HDMI driver. The issue arises in the function mtk_hdmi_bridge_mode_valid(), which is responsible for validating HDMI display modes. Recent commits introduced checks for CEA (Consumer Electronics Association) modes and limits on the maximal HDMI mode clock to address issues on certain MediaTek platforms such as MT8167. However, the MT8173 platform does not provide the mtk_hdmi_conf structure, which is expected by the function. As a result, when an HDMI cable is plugged in, the function attempts to dereference a NULL pointer (hdmi->conf), causing a kernel panic and system crash. This is a regression introduced by the new checks without proper NULL pointer validation. The fix involves adding a NULL pointer check for hdmi->conf in mtk_hdmi_bridge_mode_valid(), preventing the kernel panic and restoring HDMI functionality on affected devices. This vulnerability is specific to certain MediaTek platforms running Linux kernels containing the problematic commits. There are no known exploits in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations using Linux-based systems on MediaTek hardware platforms such as MT8173, this vulnerability can lead to system instability and denial of service (DoS) conditions triggered by simply connecting an HDMI cable. This could affect devices in embedded systems, industrial control, or consumer electronics that rely on Linux with MediaTek chipsets. The kernel panic caused by the NULL pointer dereference results in a complete system crash, impacting availability. While confidentiality and integrity are not directly compromised, the disruption of service can affect operational continuity, especially in environments where uptime is critical. Organizations deploying Linux on MediaTek platforms in kiosks, digital signage, or IoT devices may experience unexpected reboots or failures, potentially leading to operational disruptions or increased maintenance costs. Given the specificity of the hardware and driver involved, the impact is limited to affected platforms but can be significant in those contexts.
Mitigation Recommendations
Organizations should ensure that Linux kernel versions deployed on MediaTek MT8173 platforms include the patch that adds the NULL pointer check in mtk_hdmi_bridge_mode_valid(). This requires updating to a kernel version that contains the fix or applying the patch manually if using custom kernels. It is critical to verify the kernel source and commits to confirm the presence of the fix. Additionally, system integrators should test HDMI functionality after kernel updates to detect any regressions. For embedded or industrial devices, implementing watchdog timers can help recover from unexpected kernel panics. Monitoring kernel logs for HDMI-related errors can provide early warning signs. Where possible, restrict physical access to HDMI ports to prevent accidental triggering of the vulnerability. Finally, maintain close coordination with Linux kernel maintainers and MediaTek vendors for timely updates and advisories.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Linux
- Date Reserved
- 2024-03-04T18:12:48.835Z
- Cisa Enriched
- true
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 682d9834c4522896dcbe9d4f
Added to database: 5/21/2025, 9:09:08 AM
Last enriched: 6/30/2025, 9:43:34 PM
Last updated: 7/31/2025, 12:19:21 PM
Views: 13
Related Threats
CVE-2025-52621: CWE-346 Origin Validation Error in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52620: CWE-20 Improper Input Validation in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52619: CWE-209 Generation of Error Message Containing Sensitive Information in HCL Software BigFix SaaS Remediate
MediumCVE-2025-52618: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in HCL Software BigFix SaaS Remediate
MediumCVE-2025-43201: An app may be able to unexpectedly leak a user's credentials in Apple Apple Music Classical for Android
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.