Linux Kernel BMC150 Accelerometer Driver NULL Pointer Dereference Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's BMC150 accelerometer driver. This issue arises because the driver unconditionally invokes the 'bmc150_accel_set_interrupt' function during buffer setup operations, including the runtime power management resume phase. If the device lacks interrupt support, this can lead to a kernel panic, with the error trace indicating a failure to handle a NULL pointer dereference. The vulnerability has existed since the driver was first introduced, but it has only recently started to manifest.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by using a BMC150 accelerometer device that does not support interrupts. During the runtime power management resume process, the driver will attempt to set up interrupts for the device. Since the device lacks interrupt support, this will trigger a NULL pointer dereference, causing a kernel panic.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.