Linux Kernel SPI STM32 Driver NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's SPI STM32 driver could lead to a NULL pointer dereference. The issue arises in the 'stm32_spi_probe' function, where the driver accesses configuration data without first verifying that it is available. If the configuration pointer is NULL, reading through it could crash the system. The vulnerability has been addressed by adding a check that the configuration pointer is not NULL before its members, particularly 'has_device_mode', are accessed.

Impact

Exploitation of this vulnerability could lead to a system crash due to a NULL pointer dereference.

Reproduction

The vulnerability can be reproduced by loading the SPI STM32 driver in a scenario where the 'of_device_get_match_data' function returns a NULL pointer. This can occur if the device tree configuration does not properly specify the SPI device compatibility, particularly for STM32F4 series devices. Once the driver is loaded under these conditions, it will attempt to access the 'has_device_mode' member of the NULL pointer, leading to a crash.
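
The condition described above and the check that removes it, as an added user-space model (example code, not the kernel driver's own source). The struct names, the `get_match_data` stand-in for 'of_device_get_match_data', the compatible strings and the `-ENODEV` return value are assumptions made for this example; only 'has_device_mode' comes from the advisory.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* User-space model: every name except has_device_mode is hypothetical. */
struct spi_cfg { bool has_device_mode; };
struct match_entry { const char *compatible; const struct spi_cfg *data; };

static const struct spi_cfg cfg_v2 = { .has_device_mode = true };

/* Constructed match table: the second entry carries no data pointer. */
static const struct match_entry match_table[] = {
    { "example,spi-v2", &cfg_v2 },
    { "example,spi-v1", NULL },
};

/* Stand-in for of_device_get_match_data(): NULL on no match or no data. */
static const struct spi_cfg *get_match_data(const char *compatible)
{
    for (size_t i = 0; i < sizeof(match_table) / sizeof(match_table[0]); i++)
        if (strcmp(match_table[i].compatible, compatible) == 0)
            return match_table[i].data;
    return NULL;
}

/* Pattern before the fix: cfg is dereferenced without a check. */
int probe_unchecked(const char *compatible, bool *device_mode)
{
    const struct spi_cfg *cfg = get_match_data(compatible);
    *device_mode = cfg->has_device_mode;   /* faults when cfg == NULL */
    return 0;
}

/* Pattern after the fix: fail the probe instead of dereferencing NULL. */
int probe_checked(const char *compatible, bool *device_mode)
{
    const struct spi_cfg *cfg = get_match_data(compatible);
    if (!cfg)
        return -ENODEV;   /* error code chosen for this example */
    *device_mode = cfg->has_device_mode;
    return 0;
}

int main(void)
{
    bool mode = false;
    int ok = probe_checked("example,spi-v2", &mode);
    printf("matched: %d, unmatched: %d\n", ok, probe_checked("example,spi-none", &mode));
    return 0;
}
```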

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Aug 22, 2025, 4:55 PM
Updated: Aug 22, 2025, 4:55 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.