Linux Kernel MVPP2 Driver NULL Pointer Dereference Vulnerability

A vulnerability in the Linux kernel's MVPP2 Ethernet driver can lead to a NULL pointer dereference, causing a kernel crash. This issue arises when the CM3 SRAM resource is not available in the device tree, leaving the flow control base pointer NULL. The vulnerability is triggered by operations that switch buffer modes or change the MTU to exceed the jumbo frame threshold, which can inadvertently cause a crash by accessing the NULL pointer.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, causing a denial of service by interrupting normal system operations.

Reproduction

The vulnerability can be reproduced by changing the MTU of a network interface using the MVPP2 driver to a value that crosses the jumbo frame threshold. This action will trigger the buffer switching function, which does not properly check for the presence of the CM3 SRAM resource in the device tree. As a result, the missing flow control base pointer will cause a NULL pointer dereference, leading to a kernel crash.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.