Linux Kernel TEE Subsystem NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's Trusted Execution Environment (TEE) subsystem. The flaw is in the 'tee_shm_put' function: when it is called with a NULL pointer, which can happen if the shared memory reference is not properly initialized, the function dereferences that pointer and the kernel crashes. The vulnerability is present in several versions of the Linux kernel, including 6.6.0-39-generic. This flaw can be exploited during system hibernation, causing a kernel panic and disrupting normal system operations.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by invoking the 'tee_shm_put' function with a NULL pointer, which can occur if the shared memory reference is not correctly initialized. This situation can be triggered during the system's sleep or hibernation process, where the 'tee_shm_put' function is called, resulting in a NULL pointer dereference and a subsequent kernel crash.
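To check whether a host has already hit this crash, its kernel log can be searched for a NULL-dereference oops whose faulting instruction lies in 'tee_shm_put'. The script below is an added example, not part of the original advisory. It assumes the usual x86 ("RIP:") and arm64 ("pc :") oops line formats, and its sample log is constructed.

```python
import re

# NULL-dereference oops banners (x86 and arm64 wording).
OOPS_START = re.compile(r"BUG: kernel NULL pointer dereference|"
                        r"Unable to handle kernel NULL pointer dereference")
# Faulting PC line: "RIP: 0010:sym+0x../0x.." (x86) or "pc : sym+0x../0x.." (arm64).
FAULT_PC = re.compile(r"(?:RIP: [0-9a-f]{4}:|\bpc : )([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
TIMESTAMP = re.compile(r"^\[\s*(\d+\.\d+)\]")

# Constructed sample log: timestamps, addresses, offsets and other_driver_release are made up.
SAMPLE_LOG = """\
[  812.104211] PM: hibernation: hibernation entry
[  812.300514] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  812.300520] #PF: supervisor read access in kernel mode
[  812.300541] RIP: 0010:tee_shm_put+0x1c/0x90 [tee]
[  812.300560] Call Trace:
[  812.300566]  tee_shm_free+0x12/0x20 [tee]
[ 2001.000100] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 2001.000120] RIP: 0010:other_driver_release+0x44/0x100 [other]
[ 2001.000140] Call Trace:
[ 2001.000150]  tee_shm_put+0x30/0x90 [tee]
[ 3100.500000] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
[ 3100.500090] pc : tee_shm_put+0x24/0x130
""".splitlines()

def find_null_derefs(lines, symbol="tee_shm_put", window=15):
    """Return [(timestamp, symbol)] for NULL-deref oopses that fault inside `symbol`."""
    # Only the faulting PC line counts; a Call Trace frame naming `symbol` does not.
    hits, pending = [], None  # pending = (oops timestamp, last line index to inspect)
    for i, line in enumerate(lines):
        if OOPS_START.search(line):
            ts = TIMESTAMP.match(line)
            pending = (ts.group(1) if ts else None, i + window)
            continue
        pc = FAULT_PC.search(line)
        if pending is None or i > pending[1] or not pc:
            continue
        if pc.group(1) == symbol:
            hits.append((pending[0], symbol))
        pending = None  # this oops is resolved, whichever function faulted
    return hits

if __name__ == "__main__":
    for ts, sym in find_null_derefs(SAMPLE_LOG):
        print(f"NULL dereference in {sym} at kernel time {ts}s")
```

The second oops in the sample is deliberately not reported: 'tee_shm_put' appears there only as a caller in the call trace, while the fault itself is in another function.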

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable tree.

Added: Sep 19, 2025, 4:34 PM
Updated: Sep 19, 2025, 4:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.