Linux Kernel vdpa_sim_blk NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in the Linux kernel's vdpa_sim_blk component. The issue arises when new vdpa_sim_blk devices are created, as the kernel fails to properly initialize certain attributes. This oversight leads to a NULL pointer dereference, causing the kernel to panic. The vulnerability was introduced in a commit that added new fields to the vdpa_sim_blk device attributes but neglected to initialize them. As a result, the device management process triggers a kernel crash.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a system crash.

Reproduction

To reproduce this vulnerability, add a new vdpa_sim_blk device using the 'vdpa dev add' command. The omission of initialization for the 'nas' and 'ngroups' attributes will result in a NULL pointer dereference, causing the kernel to panic.

Remediation

The vulnerability can be addressed by modifying the vdpa_sim_blk device initialization process to ensure that the 'nas' and 'ngroups' attributes are set to 1, preventing the NULL pointer dereference.