Linux Kernel NULL Pointer Dereference Vulnerability in LoongArch Architecture

Vulnerability

A vulnerability in the Linux kernel's LoongArch architecture code has been addressed. It involved missing NULL checks on the return value of kstrdup(), which returns NULL when memory allocation fails. Using that result unchecked could lead to a NULL pointer dereference. The issue was particularly relevant during early boot, when memory allocation failures could occur while the kernel was parsing the CPU model from the device tree, potentially causing a kernel oops. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could lead to a NULL pointer dereference, causing a kernel oops, which is a type of error that can disrupt system operations and stability.

Reproduction

The vulnerability can be reproduced by booting a LoongArch system where the CPU model is not properly handled because of the missing NULL checks. This can be done with a device tree that causes the kernel to read the CPU model while the necessary memory allocation checks are not in place.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit that addresses this issue is available in the Linux kernel stable tree.
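
The class of fix described above, shown as an added user-space example; it is not the kernel's code or the upstream commit. The names dup_or_null, fail_alloc, struct cpu_info and both set_model_* functions are hypothetical, and the model string used with it is a constructed sample.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fault-injection switch: when set, the duplicate fails the
 * way kstrdup() does when the allocator has no memory to give. */
static int fail_alloc;

/* User-space stand-in for kstrdup(): returns a heap copy or NULL. */
static char *dup_or_null(const char *s)
{
    char *p;

    if (fail_alloc)
        return NULL;
    p = malloc(strlen(s) + 1);
    if (p)
        strcpy(p, s);
    return p;
}

struct cpu_info {
    char *model;        /* owned copy of the device-tree model string */
    size_t model_len;
};

/* Unchecked pattern, kept for contrast and never called here: if the copy
 * fails, strlen() dereferences NULL. In the kernel that is an oops. */
int set_model_unchecked(struct cpu_info *ci, const char *dt_model)
{
    ci->model = dup_or_null(dt_model);
    ci->model_len = strlen(ci->model);  /* NULL dereference on failure */
    return 0;
}

/* Checked pattern: test the result before use, report -ENOMEM, and leave
 * the previous state untouched so callers can fall back to a default. */
int set_model_checked(struct cpu_info *ci, const char *dt_model)
{
    char *copy = dup_or_null(dt_model);

    if (!copy)
        return -ENOMEM;
    free(ci->model);
    ci->model = copy;
    ci->model_len = strlen(copy);
    return 0;
}
```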

Added: Apr 24, 2026, 7:52 PM
Updated: Apr 24, 2026, 7:52 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.4
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.