Linux Kernel LPDDR2 NVM Driver Null Pointer Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's LPDDR2 NVM driver. This issue arises in versions of the kernel prior to the fix, when the 'platform_get_resource()' function returns NULL. The vulnerability occurs because the 'resource_size(add_range)' function is called with a NULL value, leading to a dereference error.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which can lead to a crash of the kernel or the affected process.

Reproduction

The vulnerability can be reproduced by loading the LPDDR2 NVM driver on a platform where the 'platform_get_resource()' function returns NULL. This can be done by modifying the device tree or the platform code to omit the necessary memory resource, causing the driver to attempt to access a NULL pointer.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the latest kernel can be found on the official Linux kernel website.