Linux Kernel PCIe Clock NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's handling of PCIe clock sources can lead to a kernel panic. This issue arises because the clock source for 'pcie0_rchng_clk_src' is improperly configured, causing a NULL pointer dereference in the clock management code. The vulnerability has been addressed by correctly setting the clock parent data to include the necessary 'XO' reference, preventing the associated kernel oops and subsequent crash.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by configuring the 'pcie0_rchng_clk_src' clock source with an incorrect number of parent references. This misconfiguration can be set up in the device tree for platforms like the Xiaomi AX3600, where the clock source is expected to have two parents defined, but only one is correctly set. Once the clock source is misconfigured, the kernel will panic on boot, before the serial console is initialized, due to the NULL pointer dereference in the clock management code.

Remediation

The vulnerability has been fixed in the Linux kernel by properly configuring the clock parent data to include the missing 'XO' reference. Users should upgrade to the latest version of the kernel where this fix has been applied.