Description
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients During a warm reset flow, the cl->device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl->device->reference_count without a NULL check leads to a kernel panic. This issue was identified during multi-unit warm reboot stress clycles. Add a defensive NULL check for cl->device to ensure stability under such intensive testing conditions. KASAN: null-ptr-deref in range [0000000000000000-0000000000000007] Workqueue: ish_fw_update_wq fw_reset_work_fn Call Trace: ishtp_bus_remove_all_clients+0xbe/0x130 [intel_ishtp] ishtp_reset_handler+0x85/0x1a0 [intel_ishtp] fw_reset_work_fn+0x8a/0xc0 [intel_ish_ipc]
Product status
3703f53b99e4a7c373ce3568dd3f91f175ebb626 (git) before 0b605e8ce60698c27a26f512968a597fd620d2e8
3703f53b99e4a7c373ce3568dd3f91f175ebb626 (git) before feb4bcfd405282de60aba321f13a1272b30c5af4
3703f53b99e4a7c373ce3568dd3f91f175ebb626 (git) before 272dac57caa981718e7188c80c703e7bb1998054
3703f53b99e4a7c373ce3568dd3f91f175ebb626 (git) before 56f7db581ee73af53cd512e00a6261a025bf1d58
4.9
Any version before 4.9
6.12.75 (semver)
6.18.14 (semver)
6.19.4 (semver)
7.0 (original_commit_for_fix)
References
git.kernel.org/...c/0b605e8ce60698c27a26f512968a597fd620d2e8
git.kernel.org/...c/feb4bcfd405282de60aba321f13a1272b30c5af4
git.kernel.org/...c/272dac57caa981718e7188c80c703e7bb1998054
git.kernel.org/...c/56f7db581ee73af53cd512e00a6261a025bf1d58