Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A null pointer dereference vulnerability has been identified in the Linux kernel's Cake queuing discipline. The issue arises when the default queuing discipline is set to Cake and the queuing discipline of a device queue fails to initialize during 'mqprio_init()'. On that error path, 'cake_reset()' is called to clear resources, but because the 'tins' variable is NULL, the call results in a general protection fault. The vulnerability occurs in several versions of the Linux kernel.
Triggering this vulnerability dereferences a NULL pointer, which the kernel reports as a general protection fault, likely due to a non-canonical address.
To reproduce this vulnerability, set the default queuing discipline to Cake. During the initialization of the 'mqprio' process, simulate a failure that prevents the 'dev_queue' from initializing properly. This will trigger the 'cake_reset()' function, which attempts to clear resources. However, because the 'tins' variable is NULL, the process will attempt to access a NULL pointer, causing a general protection fault. This can be observed in the system logs as a null pointer dereference error, indicating that the 'tins' variable was not properly initialized before being accessed.
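The failure path described above, as a simplified user-space C model. This is an added example, not kernel source and not the upstream patch; the `model_*` names, the tin count and the NULL guard in the reset routine are assumptions chosen to illustrate how a reset that runs after a failed init should treat unallocated state.

```c
#include <stdlib.h>

#define MODEL_MAX_TINS 8              /* assumed tin count for this model */

struct model_tin { int backlog; };

struct model_cake {
    struct model_tin *tins;           /* stays NULL until init succeeds */
};

/* Init that can fail before 'tins' is allocated, as on the error path above. */
static int model_cake_init(struct model_cake *q, int simulate_failure)
{
    q->tins = NULL;
    if (simulate_failure)
        return -1;
    q->tins = calloc(MODEL_MAX_TINS, sizeof(*q->tins));
    if (!q->tins)
        return -1;
    for (int i = 0; i < MODEL_MAX_TINS; i++)
        q->tins[i].backlog = i + 1;   /* pretend packets are queued */
    return 0;
}

/* Unguarded reset: indexes q->tins unconditionally, faults when it is NULL. */
static int model_cake_reset_unguarded(struct model_cake *q)
{
    int cleared = 0;
    for (int i = 0; i < MODEL_MAX_TINS; i++) {
        q->tins[i].backlog = 0;
        cleared++;
    }
    return cleared;
}

/* Guarded reset: nothing to clear if init never allocated the tins. */
static int model_cake_reset_guarded(struct model_cake *q)
{
    if (!q->tins)
        return 0;
    return model_cake_reset_unguarded(q);
}

int main(void)
{
    struct model_cake q;
    model_cake_init(&q, 1);                        /* failed init */
    return model_cake_reset_guarded(&q) == 0 ? 0 : 1;
}
```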
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux documentation or through the package management system of the respective Linux distribution.