Linux Kernel NULL Pointer Dereference Vulnerability in Applicom Character Driver

A NULL pointer dereference vulnerability has been identified in the Linux kernel's Applicom character driver. This issue arises in the 'ac_ioctl' function, where the validation of the 'IndexCard' and the check for a valid 'RamIO' pointer are omitted when the command ('cmd') is 6. Consequently, the function unconditionally reads from a memory location pointed to by 'RamIO', which can be NULL if 'IndexCard' references a non-existent board. This oversight leads to a NULL pointer dereference. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected kernel module.

Reproduction

To reproduce this vulnerability, send an IOCTL command with 'cmd' set to 6 to the Applicom character driver. The 'IndexCard' parameter must reference a board that does not exist, causing the 'RamIO' pointer to be NULL. When the command is processed, the function will attempt to read from a NULL pointer, resulting in a crash.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.