Linux Kernel NULL Pointer Dereference Vulnerability in ARM FF-A Firmware Driver

Vulnerability

A vulnerability in the Linux kernel's ARM FF-A firmware driver can lead to a NULL pointer dereference. Driver registration does not require a remove callback, so a driver can be registered without this function. The remove method, however, is called unconditionally when a driver is unregistered, so unregistering such a driver dereferences a NULL pointer and crashes the kernel. The fix modifies the driver removal process to check for the presence of the remove callback before calling it, which prevents the NULL pointer dereference.
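
The missing check and its fix, as an added example: this is a userspace C model written for this page, not the kernel's own code, and every struct and function name in it is hypothetical.

```c
#include <stddef.h>

/* Userspace model only; names are hypothetical, not kernel identifiers. */
struct model_dev { int bound; int torn_down; };

struct model_drv {
    int  (*probe)(struct model_dev *dev);
    void (*remove)(struct model_dev *dev);   /* optional: may be NULL */
};

/* Before the fix: the callback is invoked without checking it exists.
 * With drv->remove == NULL this is the NULL dereference described above. */
void bus_remove_unchecked(struct model_drv *drv, struct model_dev *dev)
{
    drv->remove(dev);
    dev->bound = 0;
}

/* After the fix: call remove only when the driver supplied one.
 * Returns 1 if the callback ran, 0 if it was absent. */
int bus_remove_checked(struct model_drv *drv, struct model_dev *dev)
{
    int called = 0;

    if (drv->remove) {
        drv->remove(dev);
        called = 1;
    }
    dev->bound = 0;   /* in this model, unbinding proceeds either way */
    return called;
}

/* Constructed sample callbacks. */
static int sample_probe(struct model_dev *dev) { dev->bound = 1; return 0; }
static void sample_remove(struct model_dev *dev) { dev->torn_down = 1; }

/* Bind a device, then unbind it through the checked path. */
int bind_then_unbind(struct model_drv *drv, struct model_dev *dev)
{
    if (drv->probe && drv->probe(dev) != 0)
        return -1;
    return bus_remove_checked(drv, dev);
}

int main(void)
{
    struct model_dev dev = {0, 0};
    struct model_drv drv = { sample_probe, NULL };   /* no remove callback */
    return bind_then_unbind(&drv, &dev);             /* callback skipped, no crash */
}
```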

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, which can lead to a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by registering a driver with the ARM FF-A firmware bus type that does not include a remove callback. When the driver is later unregistered, the kernel will attempt to call the missing remove function, resulting in a NULL pointer dereference and a crash.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 24, 2025, 4:14 PM
Updated: Dec 24, 2025, 4:14 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.