Linux Kernel W7090P Frontend Null Pointer Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's media subsystem, specifically within the DVB frontends for the W7090P tuner. This issue arises in the functions 'w7090p_tuner_write_serpar' and 'w7090p_tuner_read_serpar'. The vulnerability occurs because user-controlled messages can bypass initial buffer checks, leading to the potential dereference of a null pointer. To exploit this, an attacker could send a message with a null buffer and a length of zero, which would be accepted by the existing checks. If the function then attempts to access the buffer without proper validation, it could result in a crash by dereferencing a null pointer.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash of the affected process or system component.

Reproduction

The vulnerability can be reproduced by sending a DVB I2C message to the W7090P tuner frontend with 'buf' set to null and 'len' set to zero. The tuner functions will incorrectly process this message, allowing for a null pointer dereference when the code attempts to access 'buf[2]'.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.