Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference vulnerability has been identified in the Linux kernel's IIO ADIS driver. The issue arises in the 'adis_init()' function, which improperly dereferences 'adis->ops' without first verifying if 'adis->ops' is NULL. This flaw affects several drivers, including 'adis16480', 'adis16490', and 'adis16545', which do not provide custom operation pointers and depend on 'adis_init()' to assign default values. The default initialization by 'devm_iio_device_alloc()' leaves 'adis->ops' NULL when 'adis_init()' is executed, leading to a crash. The vulnerability has been addressed by adding a check for a NULL 'adis->ops' before dereferencing, ensuring that defaults are assigned when necessary.
Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, causing a denial of service.
To reproduce this vulnerability, load a driver that uses the IIO ADIS framework, such as 'adis16480', 'adis16490', or 'adis16545'. These drivers will not set custom operation pointers, so when the 'adis_init()' function is called, it will attempt to dereference a NULL 'adis->ops', leading to a kernel NULL pointer dereference error. This can be observed in the kernel logs, where the call trace will show 'adis_init' followed by the probe function of the driver that was loaded.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
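The pattern described above, as an added userspace model that is not taken from the kernel source: an init routine that reads members through an ops pointer, shown without the NULL check and with it. All identifiers (`model_dev`, `model_ops`, `model_init_checked`, and so on) are hypothetical, and rejecting a partly filled ops table is an assumption of this model rather than something the advisory states.

```c
#include <errno.h>
#include <stddef.h>

/* Hypothetical stand-ins for a device and its operations table. */
struct model_ops {
    int (*read)(unsigned int reg, unsigned int *val);
    int (*write)(unsigned int reg, unsigned int val);
};

struct model_dev {
    const struct model_ops *ops;   /* NULL after a zeroing allocation */
};

int default_read(unsigned int reg, unsigned int *val) { *val = reg ^ 0xA5u; return 0; }
int default_write(unsigned int reg, unsigned int val) { (void)reg; (void)val; return 0; }

const struct model_ops model_default_ops = {
    .read = default_read,
    .write = default_write,
};

/* "Before" shape: members are read through dev->ops with no check on the
 * pointer itself, so a driver that never set ops faults on the first load. */
int model_init_unchecked(struct model_dev *dev)
{
    if (!dev->ops->read && !dev->ops->write)   /* faults when ops == NULL */
        dev->ops = &model_default_ops;
    return 0;
}

/* "After" shape: test the pointer first, and only then look at its members. */
int model_init_checked(struct model_dev *dev)
{
    if (!dev->ops) {                 /* driver supplied nothing: use defaults */
        dev->ops = &model_default_ops;
        return 0;
    }
    /* Assumption of this model: a partly filled table is a driver bug. */
    if (!dev->ops->read || !dev->ops->write)
        return -EINVAL;
    return 0;
}
```
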