Linux Kernel NULL Pointer Dereference Vulnerability in mt76 WiFi Driver

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's mt76 WiFi driver, specifically within the USB component. The issue arises when the mt76u_status_worker thread is executed for a device that is not yet operational, which leads to a crash. It has been addressed by modifying the worker thread to check the device's state before execution. The issue was detected using the Kernel Address Sanitizer (KASAN), which reported the NULL pointer dereference.
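The state check described above, modelled in userspace C as an added example (it is not the driver's code or the upstream patch). The struct, flag and function names are hypothetical, and the model returns a sentinel at the point where the unguarded kernel worker would dereference NULL.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical userspace model; names are illustrative, not the driver's. */
enum { DEV_STATE_RUNNING = 1u << 0 };
#define WORKER_WOULD_FAULT (-1)

struct tx_entry { int done; };

struct usb_dev {
    unsigned long state;       /* bit set only once the device is operational */
    struct tx_entry *entries;  /* allocated during bring-up; NULL before that */
    size_t n_entries;
};

/* Returns the number of completed entries reaped, or WORKER_WOULD_FAULT
 * where the unguarded kernel code would dereference NULL. */
static int status_worker(struct usb_dev *dev, int check_state)
{
    int reaped = 0;

    /* The fix described above: bail out unless the device is running. */
    if (check_state && !(dev->state & DEV_STATE_RUNNING))
        return 0;

    /* Model only: report the fault instead of crashing the process. */
    if (dev->entries == NULL)
        return WORKER_WOULD_FAULT;

    for (size_t i = 0; i < dev->n_entries; i++) {
        if (dev->entries[i].done) {
            dev->entries[i].done = 0;
            reaped++;
        }
    }
    return reaped;
}

int main(void)
{
    struct usb_dev early = { 0, NULL, 0 };      /* worker scheduled too early */
    struct tx_entry q[3] = { {1}, {0}, {1} };   /* constructed sample queue */
    struct usb_dev up = { DEV_STATE_RUNNING, q, 3 };

    printf("unguarded, not running: %d\n", status_worker(&early, 0));
    printf("guarded, not running:   %d\n", status_worker(&early, 1));
    printf("guarded, running:       %d\n", status_worker(&up, 1));
    return 0;
}
```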

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected kernel thread.

Reproduction

The vulnerability can be reproduced by scheduling the mt76u_status_worker thread for a device that is not in the 'running' state. This can be done by manipulating the device's state in a way that bypasses the normal initialization process, causing the worker thread to attempt to access resources that are not yet available, resulting in a NULL pointer dereference.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the official Linux Kernel Git Repository. Instructions for downloading the latest stable version can be found on the Linux Kernel website.

Added: Dec 24, 2025, 5:53 PM
Updated: Dec 24, 2025, 5:53 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.