Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference vulnerability has been identified in the Linux kernel's powercap DTPM CPU driver. This issue arises in the get_pd_power_uw() function when em_cpu_get() returns NULL, which can happen if a CPU becomes unavailable during runtime. The NULL value propagates through em_cpu_get() and causes a crash when em_span_cpus() attempts to dereference the NULL pointer. The vulnerability affects several versions of the Linux kernel.
The vulnerability can lead to a system crash due to a NULL pointer dereference, causing a denial of service.
The vulnerability can be reproduced by simulating a scenario where a CPU becomes unavailable during runtime, causing the get_cpu_device() function to return NULL. This will lead to the em_cpu_get() function also returning NULL, which then causes the em_span_cpus() function to dereference the NULL pointer, resulting in a crash.
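The call chain described above, as an added user-space model that is not the kernel's code or the upstream patch: the function names come from the description, while the structs, the sample values, the _unchecked/_checked suffixes and the choice to return 0 for a missing performance domain are assumptions made for illustration.

```c
/* User-space model; structs and values are simplified stand-ins, not kernel code. */
#include <stdio.h>
#define NR_CPUS 4
struct device { int id; };
struct em_perf_domain { unsigned long cpus; unsigned long power_uw; };
static struct device cpu_devs[NR_CPUS] = { {0}, {1}, {2}, {3} };
static int cpu_present[NR_CPUS] = { 1, 1, 1, 1 };         /* constructed state */
static struct em_perf_domain pd0 = { 0xfUL, 1500000UL };  /* constructed values */

/* Returns NULL once the CPU is no longer available. */
static struct device *get_cpu_device(int cpu)
{
    return (cpu >= 0 && cpu < NR_CPUS && cpu_present[cpu]) ? &cpu_devs[cpu] : NULL;
}

/* A NULL from get_cpu_device() becomes a NULL performance domain. */
static struct em_perf_domain *em_cpu_get(int cpu)
{
    return get_cpu_device(cpu) ? &pd0 : NULL;
}

/* Dereferences pd without checking it. */
static unsigned long em_span_cpus(const struct em_perf_domain *pd)
{
    return pd->cpus;
}

/* Unchecked form: faults in em_span_cpus() when em_cpu_get() returned NULL. */
unsigned long get_pd_power_uw_unchecked(int cpu)
{
    struct em_perf_domain *pd = em_cpu_get(cpu);
    return em_span_cpus(pd) ? pd->power_uw : 0;
}

/* Guarded form; returning 0 for a missing domain is this model's assumption. */
unsigned long get_pd_power_uw_checked(int cpu)
{
    struct em_perf_domain *pd = em_cpu_get(cpu);
    if (!pd)
        return 0;
    return em_span_cpus(pd) ? pd->power_uw : 0;
}

int main(void)
{
    cpu_present[2] = 0;  /* CPU 2 becomes unavailable at runtime */
    printf("%lu %lu\n", get_pd_power_uw_checked(0), get_pd_power_uw_checked(2));
    return 0;
}
```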
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The patches can be downloaded from the Linux kernel Git repository.