Linux Kernel USB Gadget u_serial Null Pointer Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's USB gadget u_serial functionality. This issue arises when the gserial_disconnect function clears the gser->ioport, and subsequently, if gserial_suspend is called, it attempts to access the now-cleared gser->ioport. This access leads to a null pointer dereference. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash of the affected component.

Reproduction

The vulnerability can be reproduced by first calling the gserial_disconnect function, which clears the gser->ioport. After this, calling the gserial_suspend function will attempt to access the cleared gser->ioport, causing a null pointer dereference.

Remediation

The vulnerability has been addressed by adding a null pointer check in the gserial_suspend function to prevent access to a cleared gser->ioport. Additionally, a static spinlock has been introduced to ensure that gser->ioport does not become null after the check has been applied.