Linux Kernel Page Fault Vulnerability in Intel Graphics Driver

Vulnerability

A vulnerability in the Linux kernel's Intel graphics driver can lead to a kernel page fault. The issue is in the 'error_state_read' function, which uses a pointer offset incorrectly when no 'i915_gpu_coredump' is present but the buffer offset is non-zero. The problem is exacerbated when multiple tests run concurrently, with one test producing engine resets and consuming the 'i915' error state dump while another forces full graphics engine resets. The vulnerability has been observed in Linux kernel version 5.17.0-rc5 on 'Intel Corporation Alder Lake Client Platform/AlderLake-M LP4x RVP' hardware.
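An added illustration of this class of bug, not the i915 driver's code: a read handler that serves a fixed fallback message when no dump object exists has to validate the caller's offset before using it in pointer arithmetic. The message text and the names fallback_read and unchecked_copy_len are hypothetical and assume the handler returns a short constant string in the no-dump case.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Constructed stand-in for the message served when no dump exists. */
static const char fallback_msg[] = "No error state collected\n";

/*
 * What an unchecked "min(count, len - off)" evaluates to. size_t is
 * unsigned, so once off > len the subtraction wraps and the result is
 * simply count: the caller would copy count bytes from msg + off.
 * This helper only computes the length; it performs no copy.
 */
size_t unchecked_copy_len(size_t off, size_t count)
{
    size_t len = strlen(fallback_msg);
    size_t remaining = len - off;          /* wraps when off > len */
    return count < remaining ? count : remaining;
}

/*
 * Hardened read: validate off against the message length before any
 * pointer arithmetic. Returns bytes copied; 0 means end of file.
 */
ssize_t fallback_read(char *buf, size_t off, size_t count)
{
    size_t len = strlen(fallback_msg);
    size_t n;

    if (off >= len)
        return 0;                          /* nothing left, touch nothing */
    n = len - off;                         /* safe: off < len */
    if (n > count)
        n = count;
    memcpy(buf, fallback_msg + off, n);
    return (ssize_t)n;
}

int main(void)
{
    char buf[64];
    /* First read gets the whole message; the follow-up read at a
     * non-zero offset is the case that needs the bounds check. */
    ssize_t first = fallback_read(buf, 0, sizeof(buf));
    ssize_t second = fallback_read(buf, 4096, sizeof(buf));
    return (first == 25 && second == 0) ? 0 : 1;
}
```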

Impact

Exploitation of this vulnerability causes a kernel page fault, disrupting normal kernel operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by running multiple tests concurrently in a loop. One test should produce engine resets and consume the 'i915' error state dump, while another test forces full graphics engine resets. This simultaneous operation can trigger the page fault due to the incorrect pointer offset handling in the 'error_state_read' function.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.