Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's USB xHCI driver for Etron controllers has been fixed. The issue was an invalid pointer dereference that could crash the kernel or corrupt memory. The driver did not properly check pointers before using them, so it could crash or introduce erroneous data that disrupts normal operation. The problem was particularly evident during control transfer stress tests, which triggered the crash. The fix implements a more reliable pointer validation method that prevents dereferencing invalid addresses.
Exploitation of this vulnerability could lead to a kernel crash or memory corruption, causing instability in the system.
The vulnerability can be reproduced by running a control transfer stress test against an Etron USB controller, which will likely cause the system to crash. To confirm the issue, run the same test without the patch applied, which will result in a crash; with the patch applied, the test passes.
Users should update to the patched version of the Linux kernel where this vulnerability has been addressed.