In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: move dpuencoder's connector assignment to atomicenable()
For cases where the crtc's connectorschanged was set without enable/active getting toggled , there is an atomicenable() call followed by an atomicdisable() but without an atomicmode_set().
This results in a NULL ptr access for the dpuencodergetdrmfmt() call in the atomicenable() as the dpuencoder's connector was cleared in the atomicdisable() but not re-assigned as there was no atomicmode_set() call.
Fix the NULL ptr access by moving the assignment for atomicenable() and also use drmatomicgetnewconnectorforencoder() to get the connector from the atomicstate.
Patchwork: https://patchwork.freedesktop.org/patch/606729/