Linux Kernel hi311x Driver Null Pointer Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel hi311x CAN driver. This issue occurs when the device resumes from sleep before the network interface is enabled. The driver attempts to schedule a restart work, but if the interface is not active, the associated workqueue is not initialized, leading to a null pointer dereference. This vulnerability mirrors a previously addressed issue in the mcp251x driver.

Impact

Exploitation of this vulnerability causes a null pointer dereference, which can lead to a system crash.

Reproduction

To reproduce this vulnerability, the hi311x device must be put to sleep and then resumed before the network interface is enabled. This sequence will trigger the null pointer dereference by attempting to access an uninitialized workqueue.

Remediation

The vulnerability has been fixed by changing the workqueue initialization process. The workqueue is now allocated and set up in the hi3110_can_probe function, ensuring it is ready before the device resume action. This update is included in the latest Linux kernel releases.