Linux Kernel ACPI Processor Driver Check Update Vulnerability in cpuidle Driver

Vulnerability

A vulnerability exists in the Linux kernel's ACPI processor management. The issue arises because the ACPI idle driver registration was moved to a different initialization function, leaving a gap that could lead to a NULL pointer dereference. Specifically, the cpuidle driver check in the '__acpi_processor_start()' function needs to be revised. Without this update, the function may call 'acpi_processor_power_init()' without a valid cpuidle driver, causing a crash by dereferencing a NULL pointer when registering the cpuidle device.
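The failure mode described above, as an added user-space C model (not kernel code and not the upstream patch): every `model_*` name, the `MODEL_NULL_DEREF` code and the shape of the stale check are assumptions made for illustration. It shows why a check that tolerates a missing driver reaches device registration with a NULL driver once driver registration has moved to a separate init step that can fail.

```c
#include <stdio.h>

/* User-space model. All names are hypothetical stand-ins, not kernel symbols. */
#define MODEL_NULL_DEREF (-1)   /* marks where the real code would crash */
struct model_driver { const char *name; int state_count; };
struct model_device { int registered; int state_count; };
static struct model_driver model_acpi_idle = { "acpi_idle", 3 };
static struct model_driver *model_current;   /* NULL until a driver registers */

/* Driver registration now lives in a separate init step, which can fail. */
static int model_driver_init(int registration_ok)
{
    model_current = registration_ok ? &model_acpi_idle : NULL;
    return registration_ok ? 0 : -1;
}

/* Device registration reads the current driver; the model reports NULL instead of dereferencing it. */
static int model_power_init(struct model_device *dev)
{
    if (model_current == NULL)
        return MODEL_NULL_DEREF;
    dev->state_count = model_current->state_count;
    dev->registered = 1;
    return 0;
}

/* Assumed stale check: "no driver yet" passes, safe only while start registered the driver itself. */
static int model_start_stale(struct model_device *dev)
{
    if (model_current == NULL || model_current == &model_acpi_idle)
        return model_power_init(dev);
    return 0;
}

/* Updated check: proceed only if the ACPI idle driver is really registered. */
static int model_start_checked(struct model_device *dev)
{
    if (model_current == &model_acpi_idle)
        return model_power_init(dev);
    return 0;   /* skip idle setup; processor start itself still succeeds */
}

int main(void)
{
    struct model_device dev = { 0, 0 };
    model_driver_init(0);   /* constructed scenario: registration failed */
    printf("stale=%d checked=%d\n", model_start_stale(&dev), model_start_checked(&dev));
    return 0;
}
```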

Impact

Failing to update the cpuidle driver check can lead to a NULL pointer dereference, causing a system crash.

Reproduction

The vulnerability can be reproduced by running the Linux kernel with the ACPI processor management features enabled, and then initiating the processor idle driver registration process. The absence of a proper cpuidle driver will trigger the NULL pointer dereference when the cpuidle device registration is attempted.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: May 6, 2026, 5:32 PM
Updated: May 6, 2026, 5:32 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.