Linux Kernel ACPICA Null Pointer Dereference Vulnerability in ACPI Object Display

A null pointer dereference vulnerability has been identified in the Linux kernel's ACPICA component. This issue arises in the 'acpi_db_display_objects' function, where the 'ACPI_ALLOCATE_ZEROED' function may fail, leading to a null 'object_info' pointer. If this null pointer is not properly checked, it can cause a dereference error, potentially leading to a crash or other unintended behavior.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which can lead to a system crash or instability.

Reproduction

The vulnerability can be reproduced by invoking the 'acpi_db_display_objects' function without proper error handling for the 'ACPI_ALLOCATE_ZEROED' allocation. This can be done by passing arguments that trigger the allocation failure, such as invalid object types or display counts.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The commit containing the fix is available in the Linux kernel stable tree.