Linux Kernel Uninitialized Memory Vulnerability in S32 Pinctrl Driver

A vulnerability exists in the Linux kernel's S32 pinctrl driver, specifically in the handling of the 's32_pinctrl_desc' structure. The issue arises because the structure is allocated using 'devm_kmalloc()' without initializing all its fields. This oversight leads to intermittent allocation errors, particularly when the 'num_custom_params' field is accessed during the parsing of device tree configurations. The uninitialized memory issue can cause failures in dependent drivers, as evidenced by errors reported when probing I2C interfaces on the NXP S32G3 Reference Design Board.

Impact

The vulnerability can cause intermittent allocation errors that disrupt the normal functioning of the I2C subsystem, leading to failed communications with I2C devices. This disruption is caused by the improper handling of device tree configurations, which are crucial for the correct operation of I2C adapters on the affected hardware.

Reproduction

The vulnerability can be reproduced by probing the I2C-imx driver on an NXP S32G3 Reference Design Board 3. During this process, the uninitialized 's32_pinctrl_desc' structure leads to allocation errors, which are logged as warnings. These errors occur because the 'num_custom_params' field, which is not properly initialized, is used in the parsing of device tree configurations for I2C pin groups. As a result, the I2C adapters fail to register correctly, and communications with I2C devices are disrupted.

Remediation

The vulnerability has been addressed by modifying the S32 pinctrl driver to use 'devm_kzalloc()' instead of 'devm_kmalloc()' for allocating the 's32_pinctrl_desc' structure. This change ensures that all fields are properly initialized before they are used, preventing the allocation errors that caused the issue.