power: supply: Fix null pointer dereference in smb2_probe

Vulnerability

In the Linux kernel, the smb2_probe function in the power supply subsystem fails to check the return values of devm_kasprintf and devm_kzalloc. These functions can return NULL upon memory allocation failure. If either call fails, the subsequent dereference of the NULL pointer leads to a null pointer dereference. This issue affects versions prior to the fix commit [1].

Exploitation

An attacker would require the ability to trigger a memory allocation failure in the kernel during the probing of a power supply device. This could be achieved by exhausting system memory or through specific conditions that cause devm_kasprintf or devm_kzalloc to fail. No special privileges or user interaction beyond normal system operation is needed; the vulnerability manifests during device initialization.

Impact

A successful exploitation results in a kernel NULL pointer dereference, causing a system crash (denial of service). This could lead to a temporary loss of availability for the affected system. There is no evidence of privilege escalation or information disclosure; the impact is limited to a denial of service.

Mitigation

The fix is included in Linux kernel commit 88f04bc3e737155e13caddf0ba8ed19db87f0212 [1]. Users should update their kernel to a version that includes this commit. No workaround is available other than applying the patch. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.