Linux Kernel Serdev Race Condition Vulnerability in Lenovo Yoga Tab 2 Pro Fast Charger

A race condition vulnerability has been identified in the Linux kernel's handling of the serdev device for the Lenovo Yoga Tab 2 Pro 1380 Fast Charger. The issue arises in the yt2_1380_fc_serdev_probe() function, which calls devm_serdev_device_open() before properly setting the client operations. This misordering can lead to a NULL pointer dereference in the serdev controller's receive_buf handler, as it relies on the serdev operations being valid when the SERPORT_ACTIVE state is applied. This vulnerability mirrors a previously addressed race condition in a different component of the Linux kernel.

Impact

Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the serdev controller.

Remediation

The vulnerability has been fixed by adjusting the order of operations in the yt2_1380_fc_serdev_probe() function. The client operations are now set before the serdev device is opened, preventing the race condition.