Linux Kernel ACPI Null Pointer Dereference Vulnerability in Processor Management

A vulnerability in the Linux kernel's ACPI processor management can lead to a null pointer dereference. This issue arises in the 'fch_misc_setup()' function, where the 'devm_kzalloc()' memory allocation can fail, leaving 'clk_data->name' null. If this null value is not properly checked, it will cause a dereference error later in the execution.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash of the affected system component.

Reproduction

The vulnerability can be reproduced by invoking the 'fch_misc_setup()' function within the ACPI processor management context. The function will attempt to allocate memory for 'clk_data->name' using 'devm_kzalloc()'. If this allocation fails, 'clk_data->name' will be null. The subsequent use of 'clk_data->name' without a proper null check will trigger the null pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading can be found in the official Linux kernel documentation.