Linux Kernel Ice Driver Null Pointer Dereference Vulnerability During Virtual Function Reset

Vulnerability

A vulnerability in the Linux kernel's ice driver can lead to a null pointer dereference. This issue occurs during the reset of a virtual function (VF) when the VF's virtual switch interface (VSI) is null. The vulnerability was observed during a stress test that involved attaching and detaching VFs from a KVM virtual machine, while simultaneously changing the VFs' spoof check and trust settings. The null VSI triggers a warning and a call trace, indicating a problem that, although not critical, could disrupt normal driver operations.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a crash of the ice driver. This crash can disrupt network operations managed by the driver, causing a denial of service on affected network interfaces.

Reproduction

The vulnerability can be reproduced by performing a stress test that involves rapidly attaching and detaching virtual functions from a KVM virtual machine. During this process, simultaneously change the spoof check and trust settings for the VFs. This sequence of actions will trigger the ice_reset_vf function, where the null VSI issue occurs.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Consult the Linux kernel changelog or the official repository for details on the patched version.
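
To prioritise which hosts get the kernel update first, the added example below (not part of the original advisory or of the ice driver) lists network interfaces bound to the ice driver that currently have SR-IOV virtual functions enabled, which is the configuration the reproduction steps depend on. It assumes the standard Linux sysfs layout (the device/driver symlink and device/sriov_numvfs file); the function name ice_pfs_with_vfs and its optional root-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: report ice physical functions (PFs) that have VFs enabled.
# Assumption: standard sysfs layout under /sys/class/net/<ifname>/device/.
# The optional first argument replaces /sys so the function can be run
# against a constructed directory tree.

ice_pfs_with_vfs() {
    root="${1:-/sys}"
    for dev in "$root"/class/net/*; do
        # Virtual interfaces (lo, bridges, ...) have no device/driver link.
        [ -L "$dev/device/driver" ] || continue

        # The symlink target's last path component is the driver name.
        drv=$(basename "$(readlink "$dev/device/driver")")
        [ "$drv" = "ice" ] || continue

        # sriov_numvfs exists only on SR-IOV capable PFs.
        numvfs_file="$dev/device/sriov_numvfs"
        [ -r "$numvfs_file" ] || continue
        n=$(cat "$numvfs_file")

        # Skip PFs with no VFs enabled (or an unreadable/non-numeric value).
        [ "$n" -gt 0 ] 2>/dev/null || continue

        # Output format: "<interface> <number of enabled VFs>"
        printf '%s %s\n' "$(basename "$dev")" "$n"
    done
    return 0
}

# Stand-alone use: inspect the local host.
ice_pfs_with_vfs /sys
```

An empty result means no ice PF on the host currently has VFs enabled; any listed interface is a candidate for the VF reset path described above until the kernel is updated.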

Added: Jun 18, 2025, 7:17 PM
Updated: Jun 18, 2025, 7:17 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.6
remediation: 0.0
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.