Linux Kernel Xilinx VCU Clock Provider NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's handling of clock providers for Xilinx Video Codec Units (VCUs) can lead to a NULL pointer dereference. This issue occurs in the VCU driver when the registration of a post-phase locked loop (PLL) divider fails, leaving it set to NULL or an error state. If an attempt is made to unregister this divider without proper validation, the kernel will encounter a NULL pointer dereference, causing a crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, causing a denial of service condition.

Reproduction

To reproduce this vulnerability, load the Xilinx VCU driver in a Linux kernel version that is affected by this issue. During the initialization process, if the PLL post divider fails to register correctly, it will be set to NULL or an error state. The driver will then attempt to unregister the PLL post divider without checking if it was registered successfully, leading to a NULL pointer dereference. This can be observed in the kernel logs as a crash related to an invalid memory access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable tree.