Linux Kernel XArray Component General Protection Fault Vulnerability

A vulnerability in the Linux kernel's XArray component can lead to a general protection fault. This issue arises in the 'xas_create_range()' function when it encounters a multi-order entry. The function misinterprets the entry as a node, leading to a null pointer dereference and a crash. This vulnerability has been present since the introduction of 'xas_create_range()', but the specific scenario causing the crash requires a race condition to be hit in a live kernel.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash.

Reproduction

The vulnerability can be reproduced by calling 'xas_create_range()' when there is already an entry present that is of order greater than or equal to 'XA_CHUNK_SHIFT'. This misinterpretation leads to a dereference of 'xa_node->parent', causing a null pointer dereference and a general protection fault. In a live kernel, this requires the 'khugepaged' process to hit a race condition.