Linux Kernel NULL Pointer Dereference Vulnerability Due to Clang Bug in Zero Call Used Registers

Vulnerability

A vulnerability in the Linux kernel has been addressed. It was caused by a flaw in Clang's handling of the '-fzero-call-used-regs' option, which could lead to NULL pointer dereferences. The issue affects the kernel configuration options that zero registers on function exit. To mitigate it, the kernel now restricts this feature to either a supported version of GCC or a version of Clang newer than 15.0.6. This restriction excludes the Clang releases with the problematic behavior; the issue is fixed in versions 15.0.7 and 16.0.0.
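To check whether a given kernel build falls outside the restriction described above, the following added example (not code from the kernel project or from this advisory) classifies a kernel config file. It assumes the Kconfig symbol names CONFIG_ZERO_CALL_USED_REGS, CONFIG_CC_IS_CLANG and CONFIG_CLANG_VERSION, which are not stated on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. CONFIG_* names are the kernel's Kconfig symbols (assumed, not on the page).
# Usage: check_zero_call_used_regs "/boot/config-$(uname -r)"

# Print the value of one CONFIG_ symbol from a config file (empty if unset).
cfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Prints not-enabled | not-clang | clang-fixed | clang-affected | unknown.
# Exit status: 0 = not exposed, 1 = built with an affected Clang, 2 = cannot tell.
check_zero_call_used_regs() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unknown"; return 2; }
    if [ "$(cfg_get "$cfg" CONFIG_ZERO_CALL_USED_REGS)" != "y" ]; then
        echo "not-enabled"; return 0
    fi
    if [ "$(cfg_get "$cfg" CONFIG_CC_IS_CLANG)" != "y" ]; then
        echo "not-clang"; return 0
    fi
    # CONFIG_CLANG_VERSION is major*10000 + minor*100 + patch, so 15.0.6 is 150006.
    ver=$(cfg_get "$cfg" CONFIG_CLANG_VERSION)
    case $ver in
        ''|*[!0-9]*) echo "unknown"; return 2 ;;
    esac
    if [ "$ver" -gt 150006 ]; then
        echo "clang-fixed"; return 0
    fi
    echo "clang-affected"; return 1
}

# Constructed sample config for demonstration (not taken from a real kernel).
# $1 = encoded Clang version (e.g. 150006), or the word "gcc".
sample_config() {
    echo "CONFIG_ZERO_CALL_USED_REGS=y"
    if [ "$1" = gcc ]; then
        echo "CONFIG_CC_IS_GCC=y"
    else
        echo "CONFIG_CC_IS_CLANG=y"
        echo "CONFIG_CLANG_VERSION=$1"
    fi
}
```

A result of clang-affected means the kernel was built with register zeroing enabled by Clang 15.0.6 or older, which the updated kernel configuration no longer permits.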

Impact

Exploitation of this vulnerability could lead to NULL pointer dereferences, potentially causing a denial of service by crashing the system or application.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 30, 2025, 6:02 PM
Updated: Dec 30, 2025, 6:02 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.8
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.