Linux Kernel ACPICA Undefined Behavior Vulnerability in AML Walk Initialization

Vulnerability

A vulnerability has been addressed in the Linux kernel's ACPICA component, specifically within the ACPI dispatcher state management. The issue involved undefined behavior caused by applying a zero offset to a null pointer during the initialization of the ACPI Machine Language (AML) walk process. This vulnerability was identified through a stack trace generated by the Undefined Behavior Sanitizer (UBSAN) in Fuchsia, highlighting the potential for pointer arithmetic errors that could disrupt normal operations.

Impact

Exploitation of this vulnerability could lead to undefined behavior in the ACPI namespace management, potentially causing pointer arithmetic errors that disrupt normal operations.

Reproduction

The vulnerability can be reproduced by initializing an ACPI walk state with a null pointer and a zero-length AML segment. This setup will trigger the undefined behavior by allowing a zero offset to be applied to the null pointer, creating a pointer overflow issue.
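The pattern described above, shown next to a guarded form, as an added example that is not the kernel's or ACPICA's own code. The struct and function names are hypothetical, the sample bytes are constructed, and rejecting a null start with a non-zero length is an extra check that goes beyond the zero-length case the advisory describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the parser window set up at walk init. */
struct aml_window {
    const uint8_t *start;
    const uint8_t *end;
};

/* Before: unconditional arithmetic. For start == NULL and length == 0 this
 * evaluates NULL + 0, undefined in C, which UBSAN reports as
 * "applying zero offset to null pointer". */
void window_init_unguarded(struct aml_window *w, const uint8_t *start,
                           uint32_t length)
{
    w->start = start;
    w->end = start + length;
}

/* After: skip the addition for an empty segment. Rejecting a null start
 * with a non-zero length is an extra check added for this example. */
int window_init_guarded(struct aml_window *w, const uint8_t *start,
                        uint32_t length)
{
    if (start == NULL && length != 0)
        return -1;
    w->start = start;
    w->end = start;
    if (length != 0)
        w->end += length;
    return 0;
}

int main(void)
{
    static const uint8_t sample[4] = { 0x10, 0x05, 0x5f, 0x00 }; /* constructed */
    struct aml_window w;
    int rc;

    rc = window_init_guarded(&w, NULL, 0);
    printf("empty segment: rc=%d end=%p\n", rc, (const void *)w.end);
    rc = window_init_guarded(&w, sample, sizeof(sample));
    printf("sample segment: rc=%d span=%td\n", rc, w.end - w.start);
    return 0;
}
```

Built with a recent clang and `-fsanitize=undefined`, calling `window_init_unguarded` with a null start and zero length produces the sanitizer report, while the guarded variant runs clean.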

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Sep 15, 2025, 2:57 PM
Updated: Sep 15, 2025, 8:55 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.