Linux Kernel Device Driver Null Pointer Dereference Vulnerability

Vulnerability

A potential null pointer dereference vulnerability has been identified in the Linux kernel's device driver management. This issue arises in the 'device_add()' function, specifically within the driver core. The vulnerability was discovered during fault injection testing, where the kernel encountered a null pointer dereference error. The problem occurs when a device is added to a driver but the driver is not yet fully bound. If an error occurs during the addition process, the device is detached from the driver, but the driver's node reference is not cleared, leading to a null pointer dereference when the system tries to access it.

Impact

Exploitation of this vulnerability leads to a kernel panic due to a null pointer dereference, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by probing a device with a driver that is not fully bound, such as the 'ds2482' driver. During the probing process, the 'device_add()' function is called, which adds the device to the driver management system. If an error occurs after the device has been added but before the driver is fully bound, the device is detached from the driver. However, the reference to the driver's node is not removed, causing a null pointer dereference when the system tries to access it.
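
The error path described above, as a simplified userspace C model added here for illustration. It is not kernel source or the upstream patch: the struct layout and the names model_device_add, unlink_node and count_stale_nodes are hypothetical, and the model counts the stale nodes a later list walk would hit instead of actually dereferencing NULL.

```c
/* Userspace model only: names and layout are hypothetical, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct drv;
struct dev { const char *name; struct drv *drv; struct dev *next; };
struct drv { const char *name; struct dev *devices; };

/* Unlink dev from the driver's device list (the cleanup the bug skips). */
static void unlink_node(struct drv *d, struct dev *dev)
{
    for (struct dev **p = &d->devices; *p; p = &(*p)->next)
        if (*p == dev) { *p = dev->next; dev->next = NULL; return; }
}

/* Add dev to drv. 'fail_late' injects an error after the node is linked but
 * before binding completes; 'fixed' selects the corrected error path. */
static int model_device_add(struct drv *d, struct dev *dev, bool fail_late, bool fixed)
{
    dev->drv = d;
    dev->next = d->devices;
    d->devices = dev;            /* node is now reachable from the driver */
    if (!fail_late)
        return 0;
    dev->drv = NULL;             /* error path: detach the device ... */
    if (fixed)
        unlink_node(d, dev);     /* ... and also drop the node reference */
    return -1;
}

/* Walk the driver's list as later code would; count nodes whose back-pointer
 * is NULL, i.e. where an access such as n->drv->name would fault. */
static int count_stale_nodes(const struct drv *d)
{
    int stale = 0;
    for (const struct dev *n = d->devices; n; n = n->next)
        if (n->drv == NULL)
            stale++;
    return stale;
}

int main(void)
{
    struct drv d1 = { "model-drv", NULL }, d2 = { "model-drv", NULL };
    struct dev a = { "dev0", NULL, NULL }, b = { "dev0", NULL, NULL };
    model_device_add(&d1, &a, true, false);   /* buggy error path */
    model_device_add(&d2, &b, true, true);    /* corrected error path */
    printf("buggy: %d stale, fixed: %d stale\n", count_stale_nodes(&d1), count_stale_nodes(&d2));
    return 0;
}
```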

Remediation

The vulnerability has been fixed in the upstream Linux kernel. Users should upgrade to the latest version of the stable kernel to address this issue.

Added: Dec 30, 2025, 1:49 PM
Updated: Dec 30, 2025, 1:49 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.