Linux Kernel Brcmfmac Driver Uninitialized Variable Vulnerability Leading to Crash

A vulnerability in the Linux kernel's brcmfmac Wi-Fi driver can cause system crashes on certain MacBook Pro models. This issue arises when the driver attempts to read a non-existent property, leaving a temporary variable uninitialized. As a result, a random pointer is passed to a memory management function, leading to a page fault and a permissions violation error. The crash occurs in kernel mode, disrupting normal system operations.

Impact

Exploitation of this vulnerability causes a kernel crash, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading the brcmfmac Wi-Fi driver on a MacBook Pro model 14,3, running Linux kernel versions between 6.10 and 6.11.8-gentoo. When the driver attempts to access a specific property that does not exist, it crashes the system by causing a page fault error due to an uninitialized variable being used as a pointer.