Linux Kernel PowerPC PAPR SCM NULL Pointer Dereference Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability has been identified in the Linux kernel's PowerPC architecture code for PAPR (Power Architecture Platform Reference) SCM. When the 'Enable Performance Information Collection' option is turned off on a POWER-10 logical partition, the kernel can panic. The panic occurs because a zero-sized statistics buffer is passed to a function that queries performance statistics for a virtual persistent memory NVDIMM (Non-Volatile Dual In-line Memory Module). Since this type of NVDIMM does not support performance statistics, the function should not have been called at all. The statistics buffer length was not validated, so the call went ahead, leading to a NULL pointer dereference and a subsequent kernel panic.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Remediation

The vulnerability has been addressed by introducing a check for the statistics buffer length in the PAPR SCM event handling function, ensuring that performance statistics are only queried for NVDIMMs that support them.
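
A user-space C model of that length check, added here as an illustration and not taken from the kernel patch. The struct and function names, the header layout, the 16-byte entry size and the -ENOENT return value are all assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of an NVDIMM record; not the kernel's structure. */
struct scm_dev {
    size_t stat_buffer_len;  /* 0: device reports no performance statistics */
};

/* Constructed header layout for the model's statistics buffer. */
struct stats_hdr {
    char eye_catcher[8];
    unsigned int num_statistics;
};

static int query_calls;  /* how many times the query path was reached */

/* Models the statistics query. It trusts the caller to pass a usable
 * buffer, which is why the caller must validate the length first. */
static int query_stats(const struct scm_dev *dev, struct stats_hdr *buf)
{
    query_calls++;
    memcpy(buf->eye_catcher, "MODELHDR", 8);
    /* Assumed 16-byte entries following the header. */
    buf->num_statistics =
        (unsigned int)((dev->stat_buffer_len - sizeof(*buf)) / 16);
    return 0;
}

/* Hardened event check: bail out before any query when the device has
 * no statistics buffer. Without this test, a zero-length device would
 * reach query_stats() with no valid memory behind buf. */
static int check_events(const struct scm_dev *dev)
{
    struct stats_hdr *buf;
    int rc;

    if (dev->stat_buffer_len < sizeof(*buf))  /* covers the zero-length case */
        return -ENOENT;

    buf = calloc(1, dev->stat_buffer_len);
    if (!buf)
        return -ENOMEM;

    rc = query_stats(dev, buf);
    free(buf);
    return rc;
}
```
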

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.