Linux Kernel Null Pointer Dereference Vulnerability in DVB Frontend DIB7090P

A null pointer dereference vulnerability has been identified in the Linux kernel's DVB frontend component, specifically in the DIB7090P driver. This issue arises in the 'dib7090p_rw_on_apb' function, where user-controlled message buffers can be manipulated to bypass initial null checks. If the first message buffer is null and its length is zero, the function may incorrectly assume the buffer is valid, leading to a crash when the code attempts to access specific buffer indices. The vulnerability is exacerbated by similar unchecked accesses in the second message buffer. The issue affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a crash and potentially disrupting system operations.

Reproduction

The vulnerability can be reproduced by sending a user-controlled message to the 'dib7090p_rw_on_apb' function with the first message buffer set to null and its length zero. This will allow the function to bypass safety checks and cause a null pointer dereference when it tries to access the buffer. The same issue can be triggered with the second message buffer by sending a similar payload that exploits the lack of proper validation.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.