Linux Kernel SFC Driver Denial-of-Service Vulnerability via Improper DMA Buffer Management

A denial-of-service vulnerability has been identified in the Linux kernel's SFC (Solarflare) network driver. The issue arises when virtual functions (VFs) are created, potentially leading to a kernel panic. This panic occurs during the process of updating NIC statistics for VFs, where the driver improperly manages a DMA coherent buffer. Under certain conditions, the driver attempts to unmap the buffer in an interrupt context or with bottom halves disabled, violating kernel constraints and causing a crash. The vulnerability has been observed in Linux kernel version 5.14.0-119.el9.x86_64.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a crash of the affected system.

Reproduction

The vulnerability can be reproduced by creating virtual functions on a network interface using the Solarflare SFC driver. This can be done through network management tools that support virtualization features, such as 'NetworkManager'. Once the VFs are created, the kernel panic can be triggered when the system attempts to update the NIC statistics for these VFs, due to the improper handling of the DMA buffer.