Linux Kernel 3com 3c59x Vortex Driver Null Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's 3com 3c59x Ethernet driver. This issue arises in the 'vortex_probe1' function, where the 'pdev' (platform device) pointer can be null. As a result, the 'free_ring' function may be called with a null 'pdev', leading to a potential crash or undefined behavior.

Impact

Exploitation of this vulnerability can lead to a null pointer dereference, causing a crash or undefined behavior in the system.

Reproduction

The vulnerability can be reproduced by loading the 3com 3c59x Ethernet driver in the Linux kernel. When the 'vortex_probe1' function is called, if the 'pdev' pointer is null, the 'free_ring' function will attempt to free resources using the null pointer, causing a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The patch is available in the Linux kernel stable tree.