Linux Kernel ACPI Processor NULL-Pointer Dereference Vulnerability

A NULL-pointer dereference vulnerability has been identified in the Linux kernel's ACPI processor handling, specifically within the 'acpi_processor_errata_piix4()' function. This issue arises when the function retrieves device information from the PCI subsystem. The function first assigns an IDE device to a pointer and then attempts to reassign it with an ISA device. If the first lookup is successful but the second fails, the pointer becomes NULL. Consequently, a NULL-pointer dereference can occur when the code attempts to log a message using 'dev_dbg()', potentially leading to a system crash.

Impact

Exploitation of this vulnerability can cause a system crash due to a NULL-pointer dereference, disrupting normal operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by invoking the 'acpi_processor_errata_piix4()' function with a valid PCI device that triggers the NULL-pointer condition. This can be done by simulating a scenario where the IDE device lookup succeeds while the ISA device lookup fails, causing the device pointer to become NULL before 'dev_dbg()' is called.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation or through the package management system of the respective Linux distribution.