Linux Kernel Power Supply NULL Pointer Dereference Vulnerability in WM97XX Battery Driver

A NULL pointer dereference vulnerability has been identified in the Linux kernel's power supply WM97XX battery driver. This issue arises because the 'request_irq()' function is called before a 'power_supply' handle is properly allocated and registered. If an interrupt occurs between these two steps, the uninitialized 'power_supply' handle will be used in the 'power_supply_changed()' function, leading to a NULL pointer dereference. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash in the system.

Reproduction

The vulnerability can be reproduced by loading the WM97XX battery driver in a Linux kernel version prior to the fix. When the driver is probed, the 'request_irq()' function will be called before the 'power_supply' handle is registered. If an interrupt is triggered during this window, the uninitialized handle will be used, resulting in a NULL pointer dereference.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.