Linux Kernel ADMV1013 Driver NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel ADMV1013 driver, part of the IIO frequency subsystem. When 'device_property_read_string()' fails, it does not write to its output argument, so the string pointer 'str' remains uninitialized. The code then passes 'str' to 'strcmp()' without checking the return value, which dereferences a garbage pointer.

The fix replaces the manual string read and comparison with 'device_property_match_property_string()'. Additionally, the single-ended mode enums have been consolidated into a sequential enum that is mapped to hardware register values via a switch, in line with other bitfields in the driver.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or undefined behavior in the driver.

Reproduction

The vulnerability can be reproduced by loading the affected ADMV1013 driver in the Linux kernel. When the driver attempts to read certain device properties related to input modes and quad-se modes, the 'device_property_read_string()' function may fail, leaving the 'str' variable uninitialized. The driver then incorrectly assumes 'str' contains a valid string, leading to a NULL pointer dereference. This issue can be triggered by configuring the device properties in a way that causes the property read function to fail, such as omitting required properties or providing invalid values.

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Users can apply the latest patches available in the stable release to address this issue.
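
The fix pattern described above, modeled in userspace C as an added example (not the kernel patch or the driver's own code). The helper names, the property and mode strings, the register values and the fall-back to a default mode are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>   /* also provides size_t */

struct prop { const char *name, *value; };   /* constructed stand-in for a firmware node */

/* Models device_property_read_string(): on failure *val is left unwritten. */
static int read_string(const struct prop *p, size_t n, const char *name, const char **val)
{
    for (size_t i = 0; i < n; i++)
        if (!strcmp(p[i].name, name)) { *val = p[i].value; return 0; }
    return -EINVAL;
}

/* Models device_property_match_property_string(): table index or -errno. */
static int match_string_prop(const struct prop *p, size_t n, const char *name,
                             const char *const *tbl, size_t ntbl)
{
    const char *str;
    int ret = read_string(p, n, name, &str);
    if (ret)            /* the flawed pattern lacked this check ... */
        return ret;     /* ... and passed a garbage str to strcmp() */
    for (size_t i = 0; i < ntbl; i++)
        if (!strcmp(str, tbl[i]))
            return (int)i;
    return -ENOENT;
}

/* Sequential enum whose values index the string table. */
enum se_mode { SE_POS, SE_NEG, SE_DIFF };
static const char *const se_names[] = { "se-pos", "se-neg", "diff" };

/* Register encoding lives in a switch; these values are placeholders. */
static int se_mode_to_reg(enum se_mode m)
{
    switch (m) {
    case SE_POS: return 0x1;
    case SE_NEG: return 0x2;
    default:     return 0x3;   /* SE_DIFF */
    }
}

/* Missing or unknown property falls back to SE_DIFF (assumed policy). */
static enum se_mode parse_se_mode(const struct prop *p, size_t n)
{
    int ret = match_string_prop(p, n, "quad-se-mode", se_names, 3);
    return ret < 0 ? SE_DIFF : (enum se_mode)ret;
}

static const struct prop node_ok[] = { { "quad-se-mode", "se-neg" } };   /* constructed */
static const struct prop node_missing[] = { { "input-mode", "iq" } };    /* property omitted */
```

Because the match helper returns either a table index or a negative error, the caller never holds a string pointer of its own that could be left unset.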

Added: Jun 8, 2026, 6:01 PM
Updated: Jun 8, 2026, 6:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 9.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.