Description
In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if adis->ops itself is NULL. Drivers like adis16480, adis16490, adis16545 and others do not set custom ops and rely on adis_init() assigning the defaults. Since struct adis is zero-initialized by devm_iio_device_alloc(), adis->ops is NULL when adis_init() is called, causing a NULL pointer dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : adis_init+0xc0/0x118 Call trace: adis_init+0xc0/0x118 adis16480_probe+0xe0/0x670 Fix this by checking if adis->ops is NULL before dereferencing it, falling through to assign the default ops in that case.
Product status
3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4 (git) before ba19dd366528b961430f5195c2e382420703074f
3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4 (git) before 1a48f94c63a078e7b6a2e59a637fc0858dc6510c
3b29bcee8f6f703a5952b85fc2ffcbcfb0862db4 (git) before 9990cd4f8827bd1ae3fb6eb7407630d8d463c430
6.15
Any version before 6.15
6.18.19 (semver)
6.19.9 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/ba19dd366528b961430f5195c2e382420703074f
git.kernel.org/...c/1a48f94c63a078e7b6a2e59a637fc0858dc6510c
git.kernel.org/...c/9990cd4f8827bd1ae3fb6eb7407630d8d463c430