Linux Kernel MT76 MT7921 Driver Unallocated EEPROM Data Access Vulnerability Causes Kernel Panic

A vulnerability in the Linux kernel's MT76 MT7921 wireless driver has been identified, where the driver improperly accesses unallocated EEPROM data. Although the MT7921 driver no longer utilizes the EEPROM data, remnants of the related code remain, potentially leading to invalid memory access. This issue can cause a kernel panic by dereferencing a null pointer, as indicated by a kernel error log. The problem arises because the driver relies on a capability retrieval function that has been updated, without fully removing the obsolete EEPROM handling code.

Impact

The vulnerability leads to a kernel panic, caused by a null pointer dereference. This type of error occurs when the system attempts to access memory that has not been allocated, disrupting normal operations and potentially causing a denial of service.

Reproduction

The vulnerability can be reproduced by loading the MT7921 driver in a Linux kernel environment. The driver will attempt to access EEPROM data that has not been allocated, leading to a null pointer dereference. This can be observed in the kernel logs, where the error will indicate a supervisor write access violation in kernel mode, due to a non-present page error.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux documentation.