Linux Kernel UART Inconsistency Leads to Infinite Loop Vulnerability

A vulnerability in the Linux kernel's handling of UART write operations can cause an infinite loop, particularly with PORT_UNKNOWN serial ports. This issue arises because 'uart_write_room()' and 'uart_write()' respond differently when 'xmit_buf' is NULL, which occurs for PORT_UNKNOWN ports that were not properly initialized. The inconsistency can lead to drivers, such as 'caif_serial', hanging the system by getting stuck in a loop that never exits. The problem has been addressed by modifying 'uart_write_room()' to check 'xmit_buf' and return 0 if it's NULL, aligning its behavior with 'uart_write()'.

Impact

Exploitation of this vulnerability causes system hangs due to an infinite loop in the 'handle_tx()' function of the 'caif_serial' driver when used with PORT_UNKNOWN serial ports.

Reproduction

The vulnerability can be reproduced by using the 'caif_serial' driver with a PORT_UNKNOWN serial port, which has not been properly initialized. This will trigger the 'handle_tx()' function to enter an infinite loop, causing the system to hang.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux kernel stable tree to address this vulnerability.