Linux Kernel Regmap-IRQ Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's regmap-irq handling. This issue arises in the WCD9335 audio driver after an update removed the old type register property without properly transitioning to the new configuration register system. As a result, the driver attempts to access an uninitialized buffer, leading to a kernel crash.

Impact

Exploitation of this vulnerability causes a kernel crash due to a null pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading the WCD9335 audio driver after applying the commits that removed the num_type_reg property without replacing it with the new num_config_regs property. This creates a scenario where the driver tries to use a type buffer that was never allocated, causing a null pointer dereference.

Remediation

Users can manually adjust the WCD9335 driver's regmap_irq_chip structure to include the num_config_regs property, so that the buffer the driver relies on is properly allocated before the driver is loaded.
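The failure and the fix described above can be modelled in user space. The following is an added example, not kernel source or code from the WCD9335 driver: every struct and function name is hypothetical, only num_config_regs comes from this page, and rejecting the chip at registration is a design choice of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model; all names are hypothetical except
 * num_config_regs, which is the property named in the advisory. */
struct model_irq_chip {
    unsigned int num_config_regs;  /* 0 reproduces the broken driver state */
    int handles_irq_type;          /* driver installs a set-type handler */
};

struct model_irq_data {
    const struct model_irq_chip *chip;
    unsigned int *config_buf;      /* stays NULL when nothing is allocated */
};

/* Registration: the buffer is sized from num_config_regs, so a chip that
 * handles IRQ types but declares no config registers is rejected here. */
int model_add_chip(struct model_irq_data *d, const struct model_irq_chip *chip)
{
    d->chip = chip;
    d->config_buf = NULL;
    if (chip->num_config_regs == 0)
        return chip->handles_irq_type ? -EINVAL : 0;
    d->config_buf = calloc(chip->num_config_regs, sizeof(*d->config_buf));
    return d->config_buf ? 0 : -ENOMEM;
}

/* Set-type path: validate buffer and index instead of dereferencing blindly. */
int model_set_type(struct model_irq_data *d, unsigned int reg, unsigned int val)
{
    if (!d->config_buf || reg >= d->chip->num_config_regs)
        return -EINVAL;
    d->config_buf[reg] = val;
    return 0;
}

int main(void)
{
    /* Constructed sample chips: {num_config_regs, handles_irq_type}. */
    struct model_irq_chip broken = { 0, 1 }, fixed = { 1, 1 };
    struct model_irq_data d;
    int rc_broken = model_add_chip(&d, &broken);
    int rc_fixed = model_add_chip(&d, &fixed);
    printf("broken=%d fixed=%d\n", rc_broken, rc_fixed);
    free(d.config_buf);
    return 0;
}
```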

Added: Oct 22, 2025, 6:16 PM
Updated: Oct 22, 2025, 6:16 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.