Linux Kernel NVMe Multipath NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's NVMe driver. This issue arises when the block layer's flush request, initiated by 'blk_kick_flush', is processed by 'nvme_end_req' during I/O completion. With 'blktrace' enabled and NVMe multipath support activated, the trace function attempts to access a NULL pointer, leading to a kernel crash. The vulnerability affects Linux kernel versions through 5.15.67-0.cl9.x86_64.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by enabling 'blktrace' and activating NVMe multipath support. Once these conditions are met, the issue can be triggered by sending a flush request that lacks a valid bio, which will be processed during I/O completion, causing the NULL pointer dereference and subsequent crash.
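
To triage a host, the following added example (not part of the advisory) reports whether both conditions named above, NVMe multipath active and block tracing enabled on an NVMe device, hold at the same time. The sysfs paths it reads are assumed standard kernel interfaces that the advisory does not name, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
# Assumed kernel interfaces (not named on the page):
#   <sysfs>/module/nvme_core/parameters/multipath  -> Y or N
#   <sysfs>/block/<dev>/trace/enable               -> 1 while a block trace is set up

# Succeeds when native NVMe multipath is switched on (absent file counts as off).
multipath_enabled() {
    p="$1/module/nvme_core/parameters/multipath"
    [ -r "$p" ] && [ "$(cat "$p")" = "Y" ]
}

# Prints one NVMe block device name per line for each device being traced.
traced_nvme_devices() {
    for f in "$1"/block/nvme*/trace/enable; do
        [ -r "$f" ] || continue          # glob did not match, or no trace support
        if [ "$(cat "$f")" = "1" ]; then
            d=${f%/trace/enable}
            echo "${d##*/}"
        fi
    done
}

# Prints PRECONDITIONS_MET only when both conditions hold at once.
precondition_status() {
    root=${1:-/sys}
    if ! multipath_enabled "$root"; then
        echo "NOT_MET multipath=off"
        return 0
    fi
    devs=$(traced_nvme_devices "$root" | tr '\n' ' ')
    if [ -n "$devs" ]; then
        echo "PRECONDITIONS_MET multipath=on traced=${devs% }"
    else
        echo "NOT_MET multipath=on traced=none"
    fi
}

# SYSFS_ROOT lets the check run against a constructed tree; defaults to /sys.
precondition_status "${SYSFS_ROOT:-/sys}"
```

The script does not compare the running kernel version against the affected range, so a PRECONDITIONS_MET result still needs to be read together with the output of `uname -r`.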

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched kernel are available on the official Linux kernel website.

Added: Sep 18, 2025, 3:49 PM
Updated: Sep 18, 2025, 3:49 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.