CVE-2023-54027

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iio: core: Prevent invalid memory access when there is no parent<br /> <br /> Commit 813665564b3d ("iio: core: Convert to use firmware node handle<br /> instead of OF node") switched the kind of nodes to use for label<br /> retrieval in device registration. Probably an unwanted change in that<br /> commit was that if the device has no parent then NULL pointer is<br /> accessed. This is what happens in the stock IIO dummy driver when a<br /> new entry is created in configfs:<br /> <br /> # mkdir /sys/kernel/config/iio/devices/dummy/foo<br /> BUG: kernel NULL pointer dereference, address: ...<br /> ...<br /> Call Trace:<br /> __iio_device_register<br /> iio_dummy_probe<br /> <br /> Since there seems to be no reason to make a parent device of an IIO<br /> dummy device mandatory, let’s prevent the invalid memory access in<br /> __iio_device_register when the parent device is NULL. With this<br /> change, the IIO dummy driver works fine with configfs.