Linux Kernel Mediatek Pinctrl Invalid Pointer Dereference Vulnerability on V1 Platforms

Vulnerability

A vulnerability in the Linux kernel's Mediatek pinctrl driver for version 1 platforms has been identified, leading to an invalid pointer dereference. This issue arose after a commit introduced a dependency on a structure that includes a 'soc' field, while the v1 drivers relied on a version of the structure that omitted this field. As a result, when the initialization function is called by v1 drivers, it attempts to dereference a non-existent pointer, causing a crash early in the boot process. This vulnerability has been observed on the Genio 350 EVK (MT8365) device.

Impact

Exploitation of this vulnerability causes a kernel crash during the boot process, with the crash trace only visible through earlycon.

Remediation

The vulnerability has been addressed by modifying the initialization function to accept a parameter that specifies the pin configuration, thereby eliminating the reliance on a specific structure version. Users should ensure they are using the patched version of the kernel where this fix has been implemented.
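The pattern described above, as an added example that is not the kernel's code or the actual patch: a shared init helper that assumes the caller's private structure has a 'soc' field, next to the form that takes the pin table as a parameter. All type, function and variable names are hypothetical, and the sample data is constructed.

```c
#include <stddef.h>

/* Hypothetical, simplified model of the pattern; none of these names are the kernel's. */
struct pin_desc { unsigned int number; };
struct soc_data { const struct pin_desc *pins; size_t npins; };

/* Newer driver state: carries a 'soc' pointer. */
struct pinctrl_new { void *base; const struct soc_data *soc; };

/* v1 driver state: same role, but no 'soc' field. */
struct pinctrl_v1 { void *base; unsigned int flags; };

/* Shared interrupt helper state; 'pctl' is the owning driver's private data. */
struct eint { void *pctl; const struct pin_desc *pins; size_t npins; };

/* Before: the shared init assumes every caller's 'pctl' is a pinctrl_new.
 * A v1 caller hands it a pinctrl_v1, so 'hw->soc' is read from memory that
 * holds something else, and dereferencing it is invalid. */
int eint_init_before(struct eint *e)
{
    struct pinctrl_new *hw = e->pctl;
    e->pins = hw->soc->pins;    /* invalid for v1 callers */
    e->npins = hw->soc->npins;
    return 0;
}

/* After: the caller passes its pin table explicitly, so the helper no longer
 * depends on the layout of the caller's private structure. */
int eint_init_fixed(struct eint *e, const struct pin_desc *pins, size_t npins)
{
    if (!e || !pins || npins == 0)
        return -1;              /* reject a missing table instead of crashing */
    e->pins = pins;
    e->npins = npins;
    return 0;
}

/* Constructed sample data for the two kinds of caller. */
static const struct pin_desc sample_pins[] = { { 0 }, { 1 }, { 2 } };
static const struct soc_data sample_soc = { sample_pins, 3 };

int main(void)
{
    struct pinctrl_v1 v1 = { NULL, 0 };
    struct pinctrl_new hw = { NULL, &sample_soc };
    struct eint a = { &v1, NULL, 0 }, b = { &hw, NULL, 0 };
    /* v1 caller uses the fixed form; the old form is only valid for 'hw'. */
    return eint_init_fixed(&a, sample_pins, 3) | eint_init_before(&b);
}
```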

Added: Jul 10, 2025, 10:17 AM
Updated: Jul 10, 2025, 10:17 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.