Linux Kernel NULL Pointer Dereference Vulnerability in fsl-mc Bus Driver

Vulnerability

A vulnerability in the Linux kernel's fsl-mc bus driver can lead to a NULL pointer dereference. The platform_get_resource() function, which retrieves resource information, returns NULL when it fails, and the driver did not handle that failure. The fix adds a check on the return value of platform_get_resource() and propagates the error, which prevents the NULL pointer dereference.

Impact

Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the affected component or system.

Reproduction

The vulnerability can be reproduced by loading a device driver that uses the fsl-mc bus and has ACPI support. When the driver probes the platform device, the fsl-mc bus driver will attempt to retrieve a memory resource. If this retrieval fails, the driver does not properly handle the error, resulting in a NULL pointer dereference.
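The unchecked lookup described under Vulnerability and Reproduction, next to the checked form, as an added userspace model that is not the kernel's code or the actual patch. The struct layouts, model_get_resource(), both probe functions, the sample addresses and the -EINVAL error code are assumptions made for illustration.

```c
/* Added example: userspace model of the pattern, not kernel source. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct resource { uint64_t start, end; };
struct platform_device { struct resource *mem; size_t num_mem; };

/* Stand-in for platform_get_resource(): NULL when the entry is missing. */
static struct resource *model_get_resource(struct platform_device *pdev, size_t idx)
{
    return idx < pdev->num_mem ? &pdev->mem[idx] : NULL;
}

/* Before: the result is used unchecked, so a missing resource faults here. */
static int probe_unchecked(struct platform_device *pdev, uint64_t *portal_base)
{
    struct resource *res = model_get_resource(pdev, 0);

    *portal_base = res->start;
    return 0;
}

/* After: check the result and propagate an error (-EINVAL is an assumption). */
static int probe_checked(struct platform_device *pdev, uint64_t *portal_base)
{
    struct resource *res = model_get_resource(pdev, 0);

    if (!res)
        return -EINVAL;
    *portal_base = res->start;
    return 0;
}

int main(void)
{
    struct resource r = { 0x80c000000ULL, 0x80c00003fULL }; /* constructed */
    struct platform_device with_mem = { &r, 1 }, no_mem = { NULL, 0 };
    uint64_t base = 0;

    printf("unchecked, resource present: %d\n", probe_unchecked(&with_mem, &base));
    printf("checked, resource present:   %d\n", probe_checked(&with_mem, &base));
    printf("checked, resource missing:   %d\n", probe_checked(&no_mem, &base));
    return 0;
}
```

With the check in place, a device that has no memory resource makes the probe fail with an error code instead of crashing.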

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel are available on the Linux Kernel Archives.

Added: Oct 28, 2025, 1:37 PM
Updated: Oct 28, 2025, 1:37 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.