Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's ARM SCMI firmware notification handling can lead to a NULL pointer dereference. This issue arises because the event handler retrieval function can return a NULL value when no handler is available, instead of an error pointer as expected. The vulnerability is present in the stable Linux kernel.
Exploitation of this vulnerability causes a NULL pointer dereference, leading to a crash of the kernel or the associated process.
The vulnerability can be reproduced by registering an event handler for a key that does not have a corresponding handler available. The notification instance will return a NULL reference instead of an error pointer, which can then be dereferenced, causing a kernel crash.
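The contract mismatch described above, modelled in user space as an added example (not the kernel's or the SCMI driver's code). The handler table, function names, keys and the -ENODEV error code are hypothetical, and the ERR_PTR helpers are simplified stand-ins for the kernel's own.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space stand-ins for the kernel's include/linux/err.h helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)(intptr_t)err; }
static long PTR_ERR(const void *p) { return (long)(intptr_t)p; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

/* Hypothetical handler table; names and keys are constructed for this demo. */
struct handler { unsigned int key; int refs; };
static struct handler table[] = { { 0x1001, 0 }, { 0x1002, 0 } };

static struct handler *lookup(unsigned int key)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (table[i].key == key)
            return &table[i];
    return NULL; /* no handler available for this key */
}

/* Before: the miss escapes as NULL from a getter whose callers expect ERR_PTR. */
static struct handler *get_handler_before(unsigned int key) { return lookup(key); }
/* After: the miss becomes an error pointer (-ENODEV chosen for illustration). */
static struct handler *get_handler_after(unsigned int key)
{
    struct handler *h = lookup(key);
    return h ? h : ERR_PTR(-ENODEV);
}

/* Caller trusting ERR_PTR: 0 = ok, <0 = errno, 1 = would have dereferenced NULL. */
static int register_cb(struct handler *(*get)(unsigned int), unsigned int key)
{
    struct handler *h = get(key);
    if (IS_ERR(h))
        return (int)PTR_ERR(h);
    if (!h)
        return 1; /* demo guard only: IS_ERR(NULL) is false, so h->refs++ would crash */
    h->refs++;
    return 0;
}

int main(void)
{
    printf("before=%d after=%d\n", register_cb(get_handler_before, 0x9999),
           register_cb(get_handler_after, 0x9999));
    return 0;
}
```

When auditing similar getters, check that every return path yields either a valid pointer or an error pointer, or that callers test for both NULL and error pointers before dereferencing.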
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.