Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's SPI controller management can lead to a NULL pointer dereference. The per-CPU statistics for an SPI controller are not allocated until after the controller has been registered with the driver core, which leaves a window in which the corresponding sysfs attributes exist but the statistics do not. Accessing those attributes during that window could cause a NULL pointer dereference. The vulnerability affects the Linux kernel stable tree, specifically versions 6.0 and prior.
Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the affected component or system.
The vulnerability can be reproduced by registering an SPI controller without the necessary per-CPU statistics allocation. This can be done by modifying the SPI controller registration process to delay the statistics allocation until after the controller is registered, creating a window where the sysfs attributes can be accessed and trigger a NULL pointer dereference.
The vulnerability has been addressed by changing the allocation of per-CPU statistics to occur during the controller allocation phase, before the controller is registered with the driver core. Users should upgrade to the latest version of the Linux kernel stable tree where this fix has been applied.
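The two orderings described above, as an added userspace model that is not kernel code or the upstream patch. The names `ctlr`, `stats_show`, `publish`, `register_late_alloc` and `register_early_alloc` are hypothetical, and the return value -1 stands in for the point where the kernel would dereference NULL.

```c
/* Userspace model (constructed, not kernel code) of the ordering issue. */
#include <stdio.h>
#include <stdlib.h>
struct ctlr {
    unsigned long *pcpu_stats; /* stands in for the per-CPU statistics */
    int visible;               /* 1 once registered with the driver core */
};

/* Models a sysfs attribute read; -1 marks where a kernel would oops. */
static long stats_show(const struct ctlr *c)
{
    if (!c->visible)
        return -2;             /* attribute not published yet */
    if (!c->pcpu_stats)
        return -1;             /* NULL pointer dereference in the kernel */
    return (long)c->pcpu_stats[0];
}

/* Models registration: attributes are readable as soon as this runs. */
static long publish(struct ctlr *c)
{
    c->visible = 1;
    return stats_show(c);      /* earliest read userspace could issue */
}

/* Ordering the page describes as vulnerable: publish, then allocate. */
static long register_late_alloc(struct ctlr *c)
{
    long first_read = publish(c);
    c->pcpu_stats = calloc(1, sizeof(*c->pcpu_stats));
    return first_read;
}

/* Ordering the page describes as the fix: allocate, then publish. */
static long register_early_alloc(struct ctlr *c)
{
    c->pcpu_stats = calloc(1, sizeof(*c->pcpu_stats));
    if (!c->pcpu_stats)
        return -3;             /* allocation failed: never publish */
    return publish(c);
}

int main(void)
{
    struct ctlr a = {0}, b = {0};
    printf("late: %ld early: %ld\n", register_late_alloc(&a), register_early_alloc(&b));
    free(a.pcpu_stats);
    free(b.pcpu_stats);
    return 0;
}
```

In the early-allocation ordering no reader can observe a visible controller without its statistics, which is the invariant the fix restores.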