Linux Kernel HID Alps Driver NULL Pointer Dereference Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel HID Alps driver, specifically in the raw event handling function. This issue arises because the driver did not properly check if it had been claimed before processing raw events, leading to a potential crash. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a system crash due to a NULL pointer dereference, causing a denial of service.

Reproduction

The vulnerability can be reproduced by using a device that employs the Alps T4 Touchpad, which is supported by the HID Alps driver. When raw events are generated by the touchpad, the driver will attempt to process these events without first verifying that it has been properly claimed, leading to a NULL pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.