Linux Kernel DVB-USB Vulnerability in GL861 I2C Master Transfer Null Pointer Dereference

A null pointer dereference vulnerability has been identified in the Linux kernel's DVB-USB driver for the GL861 chipset. This issue arises in the 'gl861_i2c_master_xfer' function, where user-controlled messages can be manipulated. If a message's buffer is null and its length is zero, the existing checks on the buffer can be bypassed, allowing malicious data to reach the function. Without proper validation, accessing the buffer can lead to a null pointer dereference, causing a crash. The vulnerability has been addressed by adding a check on the message length to prevent such crashes.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash.

Reproduction

The vulnerability can be reproduced by sending I2C messages with a null buffer and a length of zero to the 'gl861_i2c_master_xfer' function. The lack of proper validation allows this malicious data to be processed, leading to a null pointer dereference when the function attempts to access the buffer.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Git Repository.