Linux Kernel NULL Pointer Dereference Vulnerability in JSM Serial Driver

A NULL pointer dereference vulnerability has been identified in the Linux kernel's JSM serial driver. This issue occurs during the initialization of UART ports, where a device is not properly set, leading to a crash when the system attempts to add the serial port control. The vulnerability was tested with a Digi Neo PCIe 8-port card.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, which can lead to a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by loading the JSM serial driver on a system running the affected Linux kernel version. Once the driver is loaded, it will attempt to initialize UART ports on the connected Digi Neo PCIe 8-port card. The lack of a properly set device will cause the serial_base_ctrl_add function to crash, resulting in a kernel NULL pointer dereference error.