Linux Kernel I2C Mux Register-Based Null Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's I2C mux registration process can lead to a null pointer dereference. This issue occurs in the 'i2c-mux-reg' driver when the 'platform_get_resource()' function returns NULL. The vulnerability arises because the 'resource_size()' function is called before checking the validity of the resource, potentially leading to a crash. The problem has been addressed by rearranging the code to check the resource after it has been mapped, and by using a simplified resource management function.

Impact

Exploitation of this vulnerability can cause a null pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by loading the I2C mux register-based driver 'i2c-mux-reg' into the Linux kernel. When the driver attempts to access platform resources, a null pointer dereference occurs if the resource retrieval function returns NULL, causing the system to crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel official website.