Linux Kernel Bluetooth btusb Mediatek NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Bluetooth btusb driver for Mediatek devices can lead to a NULL pointer dereference. The issue is in the btusb_mtk_setup() function, where the interface for ISO packets can be incorrectly set to NULL. The code still goes on to claim the interface, and since a recent change that claim passes a bad pointer to the device lock function, which crashes the kernel. The vulnerability has been addressed by adding a NULL check before claiming the interface, restoring the previous error handling behavior.
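
The following userspace C model is an added example, not kernel or driver code: it shows why the guard has to test the interface pointer itself, since the address of a device embedded in a NULL interface is a small non-zero offset rather than NULL. All type and function names, the interface number 2 and the -ENODEV return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model. Every name here is hypothetical; none is kernel code. */
struct device { int lock_depth; };
struct usb_intf { int ifnum; int claimed; struct device dev; };
struct usb_dev { struct usb_intf *intfs; size_t count; };

/* Lookup by interface number; NULL when the device has no such interface. */
static struct usb_intf *find_intf(struct usb_dev *udev, int ifnum)
{
    for (size_t i = 0; i < udev->count; i++)
        if (udev->intfs[i].ifnum == ifnum)
            return &udev->intfs[i];
    return NULL;
}

/* Address a lock call would receive for the embedded device if the interface
 * pointer were NULL: the member offset, which is small but not zero. */
static size_t lock_arg_for_null_intf(void)
{
    return offsetof(struct usb_intf, dev);
}

/* Claim with the guard in place. -ENODEV is an assumed error code. */
static int claim_iso_intf(struct usb_intf *intf)
{
    if (!intf)
        return -ENODEV;
    intf->dev.lock_depth++;   /* stands in for taking the device lock */
    intf->claimed = 1;
    intf->dev.lock_depth--;   /* and releasing it */
    return 0;
}

/* Setup model: look up the ISO interface (constructed number 2), then claim. */
static int setup_model(int device_has_iso_intf)
{
    struct usb_intf intfs[3] = { { .ifnum = 0 }, { .ifnum = 1 }, { .ifnum = 2 } };
    struct usb_dev udev = { intfs, device_has_iso_intf ? 3 : 2 };
    return claim_iso_intf(find_intf(&udev, 2));
}

int main(void)
{
    printf("lock argument for NULL interface: %zu\n", lock_arg_for_null_intf());
    printf("without ISO interface: %d\n", setup_model(0));
    printf("with ISO interface: %d\n", setup_model(1));
    return 0;
}
```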

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 16, 2025, 6:24 PM
Updated: Dec 16, 2025, 6:24 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.