Linux Kernel SPMI Driver Removal NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SPMI driver removal process can lead to a NULL pointer dereference, causing a system crash. The issue occurs when an SPMI driver is removed without a defined remove callback, and particularly affects drivers such as the QCOM SPMI PMIC driver. It has been addressed by adding a check for the presence of a remove callback before attempting to call it during the driver removal process.

Impact

The vulnerability can cause a system crash due to a NULL pointer dereference, disrupting normal operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, load an SPMI driver that does not define a remove callback, ensuring that all resources are allocated through devm_*() APIs. When the driver is removed, the absence of the callback can lead to a NULL pointer dereference and a system crash.

Remediation

The vulnerability has been fixed in the Linux kernel by adding a check for the remove callback's presence before calling it during the SPMI driver removal process.
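
The pattern behind the fix, as an added userspace C model (not kernel source and not code from this page): the bus-level removal path treats the driver's remove callback as optional. Every struct and function name below is a hypothetical stand-in, and the "managed release" flag is a simplifying assumption of the model.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every name here is a hypothetical stand-in. */
struct model_device {
    int driver_cleanup_ran;   /* set by a driver's own remove callback */
    int managed_released;     /* models devm-style automatic cleanup */
};

struct model_driver {
    const char *name;
    void (*remove)(struct model_device *dev);   /* optional, may be NULL */
};

/* Unpatched shape, shown for comparison and never called below:
 * with remove == NULL this is a call through a NULL function pointer. */
void bus_remove_unchecked(const struct model_driver *drv, struct model_device *dev)
{
    drv->remove(dev);
    dev->managed_released = 1;
}

/* Patched shape: call the callback only if the driver provided one.
 * Returns 1 if the callback ran, 0 if it was absent. */
int bus_remove_checked(const struct model_driver *drv, struct model_device *dev)
{
    int called = 0;
    if (drv->remove) {
        drv->remove(dev);
        called = 1;
    }
    dev->managed_released = 1;   /* model assumption: managed cleanup still happens */
    return called;
}

static void explicit_remove(struct model_device *dev) { dev->driver_cleanup_ran = 1; }

const struct model_driver drv_with_remove = { "with-remove", explicit_remove };
const struct model_driver drv_managed_only = { "managed-only", NULL };

int main(void)
{
    struct model_device a = { 0, 0 }, b = { 0, 0 };

    printf("%s: callback ran = %d\n", drv_with_remove.name, bus_remove_checked(&drv_with_remove, &a));
    printf("%s: callback ran = %d\n", drv_managed_only.name, bus_remove_checked(&drv_managed_only, &b));
    return 0;
}
```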

Added: Dec 24, 2025, 4:34 PM
Updated: Dec 24, 2025, 4:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.