Linux Kernel Hisilicon Hibmc Driver Null Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's Hisilicon Hibmc driver can lead to a null pointer dereference. This issue occurs when the Hibmc driver fails to load, prompting the use of the 'hibmc_unload' function to free resources. However, the associated mutexes are not initialized, resulting in an attempt to access a null pointer. The vulnerability has been addressed by modifying the control flow to return an error instead of jumping to a cleanup routine, as the initialization function does not require resource deallocation.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash of the affected component or system.

Reproduction

The vulnerability can be reproduced by loading the Hisilicon Hibmc driver in a scenario where it fails to initialize properly. This failure can be simulated by introducing conditions that cause the driver to encounter an error during the loading process. Once the driver fails to load, the 'hibmc_unload' function is called to free resources. However, because the mutexes in the 'mode.config' are not initialized, this action attempts to access a null pointer, causing a crash.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.