Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's PM/devfreq mtk-cci component could lead to an error pointer dereference. This issue arises because the sram_reg pointer may be set to an error value, which, if not properly checked, can cause a dereference of an invalid pointer. The vulnerability affects several versions of the Linux kernel.
The vulnerability could lead to an invalid pointer dereference, causing a crash or undefined behavior in the kernel.
The vulnerability can be reproduced by allowing the sram_reg pointer to be set to ERR_PTR(-EPROBE_DEFER), which simulates a probe deferral scenario. If this error pointer is not correctly validated before use, it will result in a dereference of an invalid pointer, causing a crash.
The vulnerability has been addressed by modifying the code to use IS_ERR_OR_NULL() to properly check the validity of the sram_reg pointer before it is dereferenced. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
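Why ERR_PTR(-EPROBE_DEFER) gets past a plain NULL test but is rejected by IS_ERR_OR_NULL(), as an added userspace example; it is not the driver's code or the upstream patch. The helpers are modelled on the kernel's include/linux/err.h, `struct drv_model` and the two `reaches_use_*` functions are hypothetical names, and the NULL test is shown only for contrast (the page does not say what check the original code had).

```c
#include <stdio.h>
#include <stdint.h>

/* Userspace model of the helpers in the kernel's include/linux/err.h. */
#define MAX_ERRNO 4095
#define EPROBE_DEFER 517 /* kernel-internal errno: driver requests probe retry */

static inline void *ERR_PTR(long error) { return (void *)error; }
static inline long PTR_ERR(const void *ptr) { return (long)ptr; }
static inline int IS_ERR(const void *ptr)
{
    /* Error pointers occupy the top MAX_ERRNO addresses of the address space. */
    return (uintptr_t)ptr >= (uintptr_t)-MAX_ERRNO;
}
static inline int IS_ERR_OR_NULL(const void *ptr) { return !ptr || IS_ERR(ptr); }

/* Hypothetical stand-in for the driver state; only sram_reg is from the page. */
struct drv_model { void *sram_reg; };

/* Returns 1 if a plain NULL test would let the code go on to use sram_reg. */
int reaches_use_with_null_check(const struct drv_model *drv)
{
    return drv->sram_reg != NULL;
}

/* Returns 1 if the IS_ERR_OR_NULL() test would let the code use sram_reg. */
int reaches_use_with_is_err_or_null(const struct drv_model *drv)
{
    return !IS_ERR_OR_NULL(drv->sram_reg);
}

int main(void)
{
    static int real_object; /* constructed: stands for a valid object */
    struct drv_model cases[] = {
        { NULL }, { ERR_PTR(-EPROBE_DEFER) }, { &real_object },
    };
    const char *names[] = { "NULL", "ERR_PTR(-EPROBE_DEFER)", "valid pointer" };

    for (size_t i = 0; i < 3; i++)
        printf("%-24s null-check: %d  IS_ERR_OR_NULL: %d\n", names[i],
               reaches_use_with_null_check(&cases[i]),
               reaches_use_with_is_err_or_null(&cases[i]));
    return 0;
}
```

The middle row is the case described above: the error pointer is non-NULL, so only the IS_ERR_OR_NULL() test stops it before use.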