Linux Kernel PM/Devfreq Null Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's PM/devfreq subsystem. The issue arises because the governor attribute of devfreq may be NULL. It was introduced when the governor_name field was removed and replaced with governor->name without adding checks for a NULL governor. As a result, using governor->name directly can dereference a NULL pointer. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash of the kernel and potentially disrupting system operations.

Reproduction

The vulnerability can be reproduced by removing a devfreq governor and then attempting to access the governor's name without checking if the governor is NULL. This sequence of actions will trigger the null pointer dereference.
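The sequence described above, as an added user-space example (not kernel code and not the upstream patch): it models a devfreq device whose governor pointer becomes NULL on removal, with the unchecked governor->name read beside a checked one. The function names, the "sample_governor" value and the -EINVAL return are assumptions made for illustration.

```c
/* User-space model: only governor and governor->name come from the advisory. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct devfreq_governor {
    const char *name;
};

struct devfreq {
    const struct devfreq_governor *governor; /* NULL once the governor is removed */
};

/* Pattern the advisory describes: governor->name read with no NULL check.
 * Calling this after governor removal dereferences NULL (never called here). */
int governor_name_unchecked(const struct devfreq *df, char *buf, size_t len)
{
    return snprintf(buf, len, "%s\n", df->governor->name);
}

/* Checked form: refuse the read when no governor is attached.
 * Returning -EINVAL is an assumption of this example. */
int governor_name_checked(const struct devfreq *df, char *buf, size_t len)
{
    if (!df || !df->governor || !df->governor->name)
        return -EINVAL;
    return snprintf(buf, len, "%s\n", df->governor->name);
}

/* Models governor removal: the device is left without a governor. */
void remove_governor(struct devfreq *df)
{
    df->governor = NULL;
}

int main(void)
{
    /* Constructed sample data. */
    static const struct devfreq_governor gov = { .name = "sample_governor" };
    struct devfreq df = { .governor = &gov };
    char buf[32];

    printf("attached: rc=%d\n", governor_name_checked(&df, buf, sizeof(buf)));
    remove_governor(&df);
    printf("removed:  rc=%d\n", governor_name_checked(&df, buf, sizeof(buf)));
    return 0;
}
```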

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading can be found in the official Linux kernel documentation.

Added: Aug 19, 2025, 5:51 PM
Updated: Aug 19, 2025, 5:51 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.