Linux Kernel NULL Pointer Dereference Vulnerability in STMMAC Driver Safety Feature Handling

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's STMMAC Ethernet driver, specifically in the handling of safety features for the DWMAC5 platform. The issue arises because, while the original implementation enabled all safety features by default, subsequent changes allowed only certain platforms to selectively enable these features. As a result, platforms without the necessary software support can encounter a NULL pointer dereference when the automotive safety package bit is set in the hardware features register. This vulnerability can be exploited when the driver is opened, leading to a crash.

Impact

Exploitation of this vulnerability causes a system crash due to a NULL pointer dereference, disrupting normal operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, load the STMMAC Ethernet driver on a platform that supports the DWMAC5 implementation but does not have a safety feature configuration defined. Ensure that the automotive safety package bit is set in the hardware features register. When the driver is opened, the absence of a safety feature configuration will result in a NULL pointer dereference, causing a system crash.

Remediation

The vulnerability can be addressed by modifying the driver to revert to the original behavior of enabling all safety features by default on platforms that support the automotive safety package, unless a specific configuration is provided to limit the features.
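
The remediation pattern described above, modelled in userspace C as an added example; it is not the kernel driver's code, and the struct, field names and bit layout are hypothetical. A missing platform configuration falls back to all features enabled instead of being dereferenced.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified userspace model; struct, field and bit names are hypothetical,
 * not the STMMAC driver's own definitions. */
struct safety_cfg {
    uint32_t ecc_en;     /* ECC protection on internal memories */
    uint32_t parity_en;  /* data-path parity checking */
    uint32_t timeout_en; /* state-machine timeout checking */
};

#define CTRL_ECC     (1u << 0) /* constructed bit layout */
#define CTRL_PARITY  (1u << 1)
#define CTRL_TIMEOUT (1u << 2)

/* Defaults used when the platform supplies no configuration: everything on. */
static const struct safety_cfg all_enabled = { 1, 1, 1 };

/* asp: nonzero when the hardware features register reports the safety package.
 * cfg: platform-provided selection, NULL on platforms that define none.
 * Returns 0 and fills *ctrl, or -1 when there is no safety package. */
int safety_feat_config(unsigned int asp, const struct safety_cfg *cfg,
                       uint32_t *ctrl)
{
    if (!asp)
        return -1;          /* nothing to configure, *ctrl left untouched */
    if (!cfg)
        cfg = &all_enabled; /* flawed form read cfg->... here without this check */

    *ctrl = (cfg->ecc_en ? CTRL_ECC : 0) |
            (cfg->parity_en ? CTRL_PARITY : 0) |
            (cfg->timeout_en ? CTRL_TIMEOUT : 0);
    return 0;
}

int main(void)
{
    struct safety_cfg only_ecc = { 1, 0, 0 };
    uint32_t ctrl = 0;

    safety_feat_config(1, NULL, &ctrl);      /* platform without a config */
    printf("no config: 0x%x\n", (unsigned)ctrl);
    safety_feat_config(1, &only_ecc, &ctrl); /* platform limiting features */
    printf("ecc only:  0x%x\n", (unsigned)ctrl);
    return 0;
}
```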

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.