Linux Kernel Debugfs String Pointer Initialization Vulnerability

A vulnerability exists in the Linux kernel's debug filesystem (debugfs) related to uninitialized string pointers in the interconnect debugfs client. The debugfs_create_str() function requires that string pointers either be NULL or point to valid dynamically allocated memory. Failing to initialize these pointers can lead to undefined behavior. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability could cause undefined behavior due to uninitialized string pointers, which may lead to memory-related issues.

Reproduction

The vulnerability can be reproduced by loading the interconnect debugfs client without the necessary initialization for the src_node and dst_node string pointers. This can be done by creating a debugfs entry for the test client before properly initializing these pointers, leaving them in an uninitialized state.

Remediation

The vulnerability has been addressed by modifying the interconnect debugfs client to initialize the src_node and dst_node pointers to empty strings before creating debugfs entries. Users should update to the latest version of the Linux kernel where this fix has been applied.