Linux Kernel AZ6027 DVB-USB Driver Null Pointer Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's AZ6027 DVB-USB driver. This issue occurs in the 'az6027_i2c_xfer()' function when the I2C message address is '0x99'. If the message length is zero, the buffer pointer is null, leading to a general protection fault. The vulnerability has been addressed by adding a check for the message length before accessing the buffer.

Impact

Exploitation of this vulnerability leads to a general protection fault, caused by dereferencing a null pointer, which can disrupt system operations or cause a kernel crash.

Reproduction

To reproduce this vulnerability, send an I2C message to the AZ6027 driver with the address set to '0x99' and the length set to zero. This will trigger the null pointer dereference by attempting to access the buffer, which is null when the length is zero.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is '0ed554fd769a19ea8464bb83e9ac201002ef74ad', which is included in the Linux kernel stable tree.