Linux Kernel IIO ST Sensors Uninitialized Device Structure Vulnerability

Vulnerability

A vulnerability in the Linux kernel's IIO (Industrial I/O) subsystem for ST sensors has been addressed. The device structure was used in various probe functions before it was properly initialized, which led to a kernel panic in the 'st_sensors_power_enable()' function. The panic occurred when 'devm_regulator_bulk_get_enable()' failed and 'dev_err_probe()' was then called with the uninitialized device. The panic was primarily seen with 'dev_err_probe()'; similar functions such as 'dev_err()', 'dev_warn()', and 'dev_info()' did not trigger a panic but were also corrected. The vulnerability has been traced and reported on the Linux kernel mailing list.
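The ordering problem described above, as a userspace C model added here for illustration; it is not kernel code or the upstream patch. All model_* and probe_* names and the sample devices are hypothetical, and reporting the error against the already-initialized parent device is an assumed correction, since this advisory does not describe the fix itself.

```c
#include <stdio.h>
#include <string.h>
/* Userspace model; every name here is hypothetical, none is kernel code. */
struct model_dev {
    int initialized;              /* set once the device has been set up */
    const char *name;             /* only valid after initialization */
    struct model_dev *parent;
};
static char last_log[128];        /* last message, kept for inspection */

/* Stand-in for a dev_err_probe()-style helper; -1 marks where the real one reads garbage. */
static int model_err_probe(const struct model_dev *dev, int err, const char *msg)
{
    if (!dev || !dev->initialized) {
        snprintf(last_log, sizeof(last_log), "FAULT: uninitialized device");
        return -1;
    }
    snprintf(last_log, sizeof(last_log), "%s: error %d: %s", dev->name, err, msg);
    return err;
}

/* Stand-in for a regulator request that fails during probe (-ENODEV). */
static int model_regulator_enable(void) { return -19; }
/* Ordering from the advisory: error reported against the not-yet-initialized child. */
static int probe_buggy(struct model_dev *child)
{
    int err = model_regulator_enable();
    return err ? model_err_probe(child, err, "regulators not enabled") : 0;
}

/* Assumed correction: report against the parent, which is already initialized. */
static int probe_fixed(struct model_dev *child)
{
    int err = model_regulator_enable();
    return err ? model_err_probe(child->parent, err, "regulators not enabled") : 0;
}

/* Constructed sample: an initialized bus device and a child not yet set up. */
static struct model_dev bus = { 1, "spi0.0", NULL };
static struct model_dev iio = { 0, NULL, &bus };

int main(void)
{
    int r = probe_buggy(&iio);
    printf("buggy -> %d (%s)\n", r, last_log);
    r = probe_fixed(&iio);
    printf("fixed -> %d (%s)\n", r, last_log);
    return 0;
}
```

In the model the failure path is the only place the child device is touched, which matches the advisory: the panic appears only when the regulator request fails, so probe error paths need their own test coverage.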

Impact

The vulnerability caused a kernel panic, disrupting system stability and potentially leading to a denial of service.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.

Added: Aug 16, 2025, 12:41 PM
Updated: Aug 16, 2025, 12:41 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 7.7
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.