Linux Kernel NULL Pointer Dereference Vulnerability in SCSI MPI3MR Driver

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's SCSI MPI3MR driver. If creation of the reply and request queues fails, the driver frees their memory prematurely, which leaves the queues NULL. During the subsequent resource cleanup, the driver attempts to overwrite the freed memory through those NULL queues, causing a system crash. The vulnerability affects several versions of the Linux kernel.
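The failure mode described above, modelled in user-space C as an added example (it is not code from the MPI3MR driver or from this advisory). The struct and function names are hypothetical, and the cleanup loop driven by a queue count that stays non-zero after a failed creation is an assumption of the model.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical user-space model; names are illustrative, not the driver's. */
struct queue_info { void *segments; unsigned int depth; };

struct ctrl {
    struct queue_info *req_q;   /* request queue array, NULL if creation failed */
    struct queue_info *reply_q; /* reply queue array, NULL if creation failed */
    unsigned int num_queues;
};

/* Queue creation. On failure both arrays are freed and left NULL, while
 * num_queues keeps its non-zero value (assumption of this model). */
int create_queues(struct ctrl *c, unsigned int n, int fail)
{
    c->num_queues = n;
    c->req_q = calloc(n, sizeof(*c->req_q));
    c->reply_q = fail ? NULL : calloc(n, sizeof(*c->reply_q));
    if (!c->req_q || !c->reply_q) {
        free(c->req_q);
        free(c->reply_q);
        c->req_q = c->reply_q = NULL;
        return -1;
    }
    return 0;
}

/* Unsafe cleanup: trusts num_queues and writes through the array pointers.
 * After a failed create_queues() this writes through NULL and crashes. */
unsigned int cleanup_unchecked(struct ctrl *c)
{
    unsigned int i;
    for (i = 0; i < c->num_queues; i++) {
        memset(&c->req_q[i], 0, sizeof(c->req_q[i]));
        memset(&c->reply_q[i], 0, sizeof(c->reply_q[i]));
    }
    return i;
}

/* Hardened cleanup: skip arrays that were never created.
 * Returns the number of queue entries actually reset. */
unsigned int cleanup_checked(struct ctrl *c)
{
    unsigned int i, reset = 0;
    for (i = 0; i < c->num_queues; i++) {
        if (c->req_q)   { memset(&c->req_q[i], 0, sizeof(c->req_q[i])); reset++; }
        if (c->reply_q) { memset(&c->reply_q[i], 0, sizeof(c->reply_q[i])); reset++; }
    }
    return reset;
}
```

In the model, `cleanup_unchecked` is only safe after a successful `create_queues`; `cleanup_checked` is safe on both paths.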

Impact

The vulnerability can lead to a system crash, causing a denial of service by interrupting normal operations and requiring a manual restart.

Reproduction

The vulnerability can be reproduced by creating a scenario where the reply or request queues fail to initialize, causing them to be NULL. When the driver attempts to clean up resources, it will try to access the freed memory, leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: May 8, 2026, 6:52 PM
Updated: May 8, 2026, 6:52 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.