Linux Kernel UBI Subsystem Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Unsorted Block Images (UBI) subsystem of the Linux kernel. This issue arises in the 'ubi_free_volume()' function when it attempts to delete a device that has not been properly registered. The vulnerability is triggered during the volume addition process, specifically if the character device registration fails. The 'ubi_free_volume()' function then tries to clean up by removing the device, leading to a null pointer dereference.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which can lead to a denial of service by crashing the system or application.

Reproduction

The vulnerability can be reproduced by initializing a UBI device and attempting to add a volume. If the volume addition fails during the character device registration, the 'ubi_free_volume()' function is called to clean up. This function deletes the device without checking if it was successfully added, resulting in a null pointer dereference when the system tries to access the deleted device.

Remediation

Users can upgrade to the patched version of the Linux kernel, which includes the necessary checks to prevent the null pointer dereference. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.
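
The error path described above, as an added example that is not taken from the kernel source or from the patch. It is a userspace model: every name in it (model_cdev, model_volume, add_volume and the two cleanup functions) is hypothetical, and the unguarded delete increments a counter at the point where the kernel would dereference a null pointer, so the difference between unconditional and checked cleanup can be run safely.

```c
#include <stddef.h>

/* Userspace model; every name here is hypothetical, none is a kernel API. */
struct model_cdev { int *kobj; };      /* kobj is set only by a successful add */
struct model_volume { struct model_cdev cdev; int cdev_added; };
static int kobj_storage;               /* stands in for registered device state */
static int null_derefs;                /* counts points where a kernel would oops */

static int model_cdev_add(struct model_cdev *c, int simulate_failure)
{
    if (simulate_failure)
        return -1;                     /* registration failed: kobj stays NULL */
    c->kobj = &kobj_storage;
    return 0;
}

static void model_cdev_del(struct model_cdev *c)
{
    if (c->kobj == NULL)
        null_derefs++;                 /* model only: record instead of crashing */
    else
        *c->kobj = 0;
    c->kobj = NULL;
}

/* Cleanup shape the advisory describes: deletes without checking registration. */
static void free_volume_unchecked(struct model_volume *v) { model_cdev_del(&v->cdev); }

/* Hardened cleanup: delete only a device that was actually added. */
static void free_volume_checked(struct model_volume *v)
{
    if (v->cdev_added)
        model_cdev_del(&v->cdev);
    v->cdev_added = 0;
}

/* Add a volume; if registration fails, run the given cleanup.
 * Returns how many NULL dereferences the cleanup would have caused. */
static int add_volume(int simulate_failure, void (*cleanup)(struct model_volume *))
{
    struct model_volume v = { { NULL }, 0 };
    null_derefs = 0;
    v.cdev_added = (model_cdev_add(&v.cdev, simulate_failure) == 0);
    if (!v.cdev_added)
        cleanup(&v);                   /* error path under test */
    return null_derefs;
}

int main(void) { return add_volume(1, free_volume_checked); } /* exits 0 */
```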

Added: Dec 24, 2025, 3:48 PM
Updated: Dec 24, 2025, 3:48 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.