Linux Kernel Null Pointer Dereference Vulnerability in MIPS Firmware Environment Variable Handling

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's MIPS architecture code, specifically in the firmware environment variable handling. The 'fw_getenv' function expects a non-empty environment variable list, although it is valid for firmware to provide an empty one. When firmware passes an empty environment variable list, the kernel dereferences a null pointer while attempting to process it.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a kernel crash.

Reproduction

The vulnerability can be reproduced by using a MIPS firmware that passes an empty environment variable list to the kernel. This can be done by configuring the firmware to omit environment variables or by using a custom firmware that intentionally leaves the environment variable list empty. Once the kernel is booted with this firmware, the 'fw_getenv' function will attempt to access the first entry of the environment variable list, resulting in a null pointer dereference and a crash.
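The failure mode described above, shown as an added user-space C model; it is not the kernel's 'fw_getenv' source. The function names, the sample lists and the "name=value" entry format are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample data: NULL-terminated "name=value" lists standing in
 * for what firmware passes to the kernel. empty_env is the valid empty case. */
char *sample_env[] = { "memsize=128", "baudrate=115200", NULL };
char *empty_env[]  = { NULL };

/* Return the value part if entry is "name=value" for this name, else NULL. */
static char *match_entry(char *entry, const char *name)
{
    size_t n = strlen(name);

    if (strncmp(entry, name, n) == 0 && entry[n] == '=')
        return entry + n + 1;
    return NULL;
}

/* Flawed pattern (hypothetical): assumes at least one entry, so envp[0] is
 * used before it is checked. With empty_env, match_entry() gets NULL and faults. */
char *lookup_unguarded(char **envp, const char *name)
{
    size_t i = 0;
    char *val;

    do {
        val = match_entry(envp[i], name);
        if (val)
            return val;
    } while (envp[++i] != NULL);
    return NULL;
}

/* Guarded pattern (hypothetical): reject a missing list and test for the
 * terminator before touching any entry, so an empty list yields "not found". */
char *lookup_guarded(char **envp, const char *name)
{
    size_t i;
    char *val;

    if (envp == NULL)
        return NULL;
    for (i = 0; envp[i] != NULL; i++) {
        val = match_entry(envp[i], name);
        if (val)
            return val;
    }
    return NULL;
}
```

Both functions behave the same on a populated list; only the guarded one is safe to call with `empty_env`.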

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux kernel stable tree. Instructions for downloading the latest stable kernel can be found on the official Linux kernel website.

Added: Dec 30, 2025, 2:34 PM
Updated: Dec 30, 2025, 2:34 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.