Linux Kernel ACPI SAR Table Handling Vulnerability Leading to NULL Pointer Dereference

A vulnerability in the Linux kernel's handling of the ACPI SAR table for the MediaTek MT7921 Wi-Fi driver can lead to a NULL pointer dereference. This issue occurs when the ACPI SAR table is not properly implemented, causing the kernel to crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading the MediaTek MT7921 Wi-Fi driver on a system with a poorly implemented ACPI SAR table. This can be done by inserting a device that uses this driver and ensuring that the ACPI SAR table is not correctly set up. Once the driver attempts to read the SAR table, the kernel will dereference a NULL pointer, causing a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.