Linux Kernel Null Pointer Dereference Vulnerability in USB Gadget u_serial Component

A null pointer dereference vulnerability has been identified in the Linux kernel's USB gadget u_serial functionality. This issue arises when the gserial_disconnect function clears the gser->ioport, and a subsequent wakeup interrupt triggers the gserial_resume function. The resume function then attempts to access the cleared ioport, leading to a null pointer dereference. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash of the affected component or system.

Reproduction

The vulnerability can be reproduced by disconnecting a gserial interface, which clears the ioport, and then triggering a wakeup interrupt that calls the gserial_resume function. This sequence of events will cause the resume function to access the cleared ioport, resulting in a null pointer dereference.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree by adding a null pointer check in the gserial_resume function to prevent access to a cleared ioport. Additionally, a static spinlock has been introduced to manage access to the ioport, ensuring it does not become null after the check has been applied.