Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of floating-point unit (FPU) extended state can lead to a NULL pointer dereference. This issue occurs in the KVM virtualization module when the VCPU ioctl is called. The problem arises because dynamic state components are not correctly initialized, causing the system to attempt to copy non-existent data from the initialization state, which results in a crash. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be reproduced by using a virtual machine that employs KVM with an Intel processor. When the guest VCPU state is manipulated through the VCPU ioctl, the kernel will attempt to copy the FPU state from the initialization buffer. Since the dynamic features are not properly initialized, this operation will attempt to access a NULL pointer, causing a crash.
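The copy pattern described above, reduced to a small user-space model. This is an added example, not kernel code and not the upstream patch: the structure, the function names and the component layout are hypothetical, and the zero-fill fallback in the checked variant is an assumed hardening rather than the fix as stated on this page.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model, not kernel code. COMP_DYN stands for a dynamically
 * enabled component, which the init-state image does not contain. */
enum { COMP_A, COMP_B, COMP_DYN, NCOMP };
#define COMP_SIZE 4

struct state_buf {
    uint32_t present;                 /* bitmap of components held here */
    uint8_t  data[NCOMP][COMP_SIZE];
};

static const struct state_buf init_state = {
    .present = (1u << COMP_A) | (1u << COMP_B),
    .data = { {0x11, 0x11, 0x11, 0x11}, {0x22, 0x22, 0x22, 0x22} },
};

/* Address of component c inside buf, or NULL when buf has no copy of it. */
const uint8_t *comp_addr(const struct state_buf *buf, int c)
{
    return (buf->present & (1u << c)) ? buf->data[c] : NULL;
}

/* Flawed pattern: a component missing from the task state is assumed to
 * exist in the init image. Shown for comparison; do not call it. */
void copy_out_flawed(uint8_t *out, const struct state_buf *task, uint32_t want)
{
    for (int c = 0; c < NCOMP; c++) {
        if (!(want & (1u << c))) continue;
        const uint8_t *src = comp_addr(task, c);
        if (!src) src = comp_addr(&init_state, c);    /* NULL for COMP_DYN */
        memcpy(out + c * COMP_SIZE, src, COMP_SIZE);  /* NULL dereference */
    }
}

/* Checked variant: zero-fill when neither buffer holds the component.
 * Returns how many components were zero-filled. */
int copy_out_checked(uint8_t *out, const struct state_buf *task, uint32_t want)
{
    int zeroed = 0;
    for (int c = 0; c < NCOMP; c++) {
        if (!(want & (1u << c))) continue;
        const uint8_t *src = comp_addr(task, c);
        if (!src) src = comp_addr(&init_state, c);
        if (src) memcpy(out + c * COMP_SIZE, src, COMP_SIZE);
        else { memset(out + c * COMP_SIZE, 0, COMP_SIZE); zeroed++; }
    }
    return zeroed;
}
```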
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.