Linux Kernel CIFS NULL Pointer Dereference Vulnerability in UTF16 Conversion

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's CIFS (Common Internet File System) implementation. This issue arises because a NULL pointer is passed to the function '__cifs_sfu_make_node' without proper validation. The unchecked NULL pointer is then passed to 'cifs_strndup_to_utf16', which forwards it to 'cifs_local_to_utf16_bytes'. Here, the NULL pointer is dereferenced, leading to a crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash of the affected system or application.

Reproduction

The vulnerability can be reproduced by passing a NULL pointer to the '__cifs_sfu_make_node' function. This can be done by modifying the code to omit the necessary checks before the pointer is passed, allowing a NULL value to be processed by the UTF16 conversion functions, where it will be dereferenced and cause a crash.

Remediation

The vulnerability has been addressed by adding a NULL check for the 'src' parameter in the 'cifs_strndup_to_utf16' function. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
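The call chain in the Vulnerability section and the fix in this section can be illustrated with a small user-space model. The code below is an added example, not the kernel's own source: the function names are modelled on the advisory's ('model_' prefix), the conversion is reduced to ASCII widening instead of the kernel's NLS-table lookup, and the 255-byte name limit is an assumption. It shows the unchecked dereference in the inner helper, the NULL check on 'src' at the boundary that the remediation describes, and a caller that treats a NULL result as an error rather than a success.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Added illustration (not kernel code): a user-space model of the
 * cifs_strndup_to_utf16 -> cifs_local_to_utf16_bytes call chain from the
 * advisory. ASCII-only conversion and the 255-byte limit are assumptions.
 */

/* Model of cifs_local_to_utf16_bytes: counts UTF-16 code units needed for
 * at most maxlen bytes of src. Like the kernel helper, it assumes src is a
 * valid pointer; a NULL src is dereferenced on the first iteration. */
static int model_local_to_utf16_bytes(const char *src, int maxlen)
{
    int units = 0;
    for (int i = 0; i < maxlen && src[i] != '\0'; i++) /* dereferences src */
        units++;
    return units;
}

/* Model of cifs_strndup_to_utf16 after the fix. The NULL check on src is the
 * remediation: before it, a NULL src flowed straight into the helper above.
 * Returns a heap-allocated, zero-terminated UTF-16 string, or NULL on a NULL
 * input or allocation failure; utf16_len receives the byte length. */
uint16_t *model_strndup_to_utf16(const char *src, int maxlen, int *utf16_len)
{
    if (!src)                    /* the added check: reject NULL at the boundary */
        return NULL;

    int len = model_local_to_utf16_bytes(src, maxlen);
    uint16_t *dst = calloc((size_t)len + 1, sizeof(*dst));
    if (!dst)
        return NULL;

    for (int i = 0; i < len; i++)
        dst[i] = (uint16_t)(unsigned char)src[i]; /* ASCII widening (assumption) */
    dst[len] = 0;
    if (utf16_len)
        *utf16_len = (len + 1) * (int)sizeof(*dst); /* bytes incl. terminator */
    return dst;
}

/* Model of the __cifs_sfu_make_node caller. A NULL result now means either a
 * NULL name or an allocation failure; both must be handled as an error.
 * Returns the UTF-16 byte length on success, -1 on failure. */
int model_sfu_make_node(const char *name)
{
    int len = 0;
    uint16_t *wname = model_strndup_to_utf16(name, 255, &len);
    if (!wname)
        return -1;               /* propagate failure instead of assuming success */
    free(wname);
    return len;
}

int main(void)
{
    printf("NULL name   -> %d\n", model_sfu_make_node(NULL)); /* -1, no crash */
    printf("\"abc\"       -> %d bytes\n", model_sfu_make_node("abc"));
    return 0;
}
```

The check belongs in 'model_strndup_to_utf16' rather than only in the caller because every caller of the conversion routine inherits the protection; a caller-side fix would have to be repeated at each call site and would be missed by the next one.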

Added: Sep 19, 2025, 5:15 PM
Updated: Sep 19, 2025, 5:15 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  5.7
remediation     7.7
relevance       0.5
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.