Linux Kernel cpufreq Kobject Initialization Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's cpufreq subsystem. The issue arises in the 'cpufreq_policy_alloc()' function: if 'kobject_init_and_add()' fails, 'cpufreq_sysfs_release()' signals a completion that has not been initialized. This flaw can lead to a crash, because the call to 'complete()' on that completion causes a page fault. The vulnerability affects Linux kernel versions 5.2 and later.

Impact

Exploitation of this vulnerability causes a kernel crash due to a page fault, disrupting system operations and potentially leading to a system reboot.

Reproduction

To reproduce this vulnerability, load a kernel module that registers a cpufreq driver using 'cpufreq_register_driver()'. If 'kobject_init_and_add()' fails, the error path of 'cpufreq_policy_alloc()' signals the uninitialized completion, leading to a page fault and a kernel crash. The issue can be triggered by simulating a failure in the kobject initialization process, such as by modifying the cpufreq driver to return an error during initialization.
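The ordering problem described above, as an added userspace model that is not kernel code and not part of the original advisory: the release callback signals a completion, so the completion has to be initialized before the call that can fail. The struct layouts, the '_model' helpers, the injected failure flag and the early-initialization ordering shown as the hardened variant are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only: names echo the kernel's, bodies are simplified. */
struct list_head { struct list_head *next, *prev; };
struct completion { unsigned int done; struct list_head waiters; };
struct policy { struct completion kobj_unregister; };

static void init_completion(struct completion *c)
{
    c->done = 0;
    c->waiters.next = c->waiters.prev = &c->waiters; /* empty, self-linked */
}

/* Returns -1 where a real complete() would walk a zeroed wait list. */
static int complete(struct completion *c)
{
    if (c->waiters.next == NULL)
        return -1;
    c->done++;
    return 0;
}

/* Stand-in for cpufreq_sysfs_release(): signals the completion. */
static int sysfs_release(struct policy *p)
{
    return complete(&p->kobj_unregister);
}

/* Stand-in for kobject_init_and_add(); 'fail' injects an error (assumed). */
static int kobject_add_model(int fail) { return fail ? -1 : 0; }

/* Returns what the release callback saw on the error path, 0 otherwise. */
static int policy_alloc_model(int init_first, int fail)
{
    struct policy *p = calloc(1, sizeof(*p)); /* zero-filled, as with kzalloc */
    int seen = 0;
    if (!p)
        return -2;
    if (init_first)
        init_completion(&p->kobj_unregister); /* hardened ordering */
    if (kobject_add_model(fail))
        seen = sysfs_release(p); /* dropping the reference runs release */
    else if (!init_first)
        init_completion(&p->kobj_unregister); /* too late for the error path */
    free(p);
    return seen;
}

int main(void)
{
    printf("late init: %d, early init: %d\n",
           policy_alloc_model(0, 1), policy_alloc_model(1, 1));
    return 0;
}
```

A return of -1 marks the case where the kernel would fault; with the completion initialized first, the same injected failure is handled cleanly.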

Remediation

Users can upgrade to a patched version of the Linux kernel to address this vulnerability. The latest stable kernel versions can be downloaded from the official Linux kernel website or through the Linux distribution's package manager.

Added: Oct 4, 2025, 8:01 PM
Updated: Oct 4, 2025, 8:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.