Linux Kernel Remoteproc Qcom Q6v5 Null Pointer Dereference Vulnerability

A potential null pointer dereference vulnerability has been identified in the Linux kernel's remoteproc subsystem for Qualcomm Q6v5. The issue arises in the function q6v5_wcss_init_mmio(), which calls platform_get_resource_byname(). If this call fails, it returns NULL, leading to a null pointer dereference when devm_ioremap() uses the resource's start address. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a kernel crash or undefined behavior.

Reproduction

The vulnerability can be reproduced by loading a remoteproc driver that initializes Q6v5 WCSS resources. If the platform_get_resource_byname() call fails and returns NULL, the subsequent use of the resource in devm_ioremap() will cause a null pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading can be found in the official Linux kernel documentation.