Linux Kernel Classmate Laptop Driver NULL Pointer Dereference Vulnerability

A vulnerability in the Classmate laptop driver of the Linux kernel can lead to a NULL pointer dereference. This issue arises because the driver may access the 'accel' object before its address is properly stored in the input device's driver data. For instance, the 'cmpc_accel_sensitivity_store_v4()' function, which is the 'show' method for a specific sysfs attribute, can be called before the input device is fully initialized. If this attribute is accessed too early, it results in a NULL pointer dereference. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the affected system.

Reproduction

To reproduce this vulnerability, access the 'cmpc_accel_sensitivity_attr_v4' sysfs attribute before the corresponding input device is initialized with 'cmpc_add_acpi_notify_device()'. This can be done by reading the attribute too early, which will cause the 'dev_get_drvdata()' call to return NULL, triggering the NULL pointer dereference.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux kernel documentation.