Impact
In the Linux kernel, a NULL pointer dereference in the fastrpc rpmsg callback can cause a kernel panic. The fault occurs when the DSP sends a GLINK message before fastrpc_rpmsg_probe has finished initializing, leaving the context structure uninitialized and the lock variable pointing to a NULL pointer. A kernel panic disables system availability, resulting in a local denial of service.
Affected Systems
Any Linux kernel image that includes the fastrpc module and the rpmsg interface is affected. The vulnerability applies to all kernel releases built with the fastrpc driver prior to the commit that reorders initialization and adds a NULL guard. No explicit version range is listed, so all current releases that have not applied the patch are potentially impacted.
Risk and Exploitability
The exploit requires an ability to send GLINK messages to the kernel before fastrpc has completed initialization, which is a local condition typically associated with control over the DSP subsystem. This is inferred from the description that the DSP sends a message at boot before the probe finishes. No EPSS score is available, the vulnerability is not listed in CISA's KEV catalog, and the impact is a kernel panic that can be leveraged to bring the system down. The risk is therefore high for devices where an attacker can influence the DSP or trigger GLINK traffic before driver start-up.
OpenCVE Enrichment