Linux Kernel be2net Driver NULL Pointer Dereference Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's be2net driver. This issue arises in the function be_cmd_get_mac_from_list() when the pmac_id_valid parameter is set to false. In this scenario, the driver requests the PMAC_ID from the network card's firmware, intending to store it at the specified pmac_id address. However, there is a condition within the driver that simultaneously passes pmac_id_valid as false and pmac_id as NULL, leading to the potential dereferencing of a NULL pointer. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the driver.

Reproduction

The vulnerability can be reproduced by calling the function be_cmd_get_mac_from_list() with pmac_id_valid set to false and pmac_id set to NULL. This can be done within the be2net driver's MAC address management code, where the function is invoked without a valid PMAC_ID address, triggering the NULL pointer dereference.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version of the stable kernel where this issue has been addressed.