Linux Kernel RDMA ib_port Structure Validation Vulnerability in Sysfs Access

A vulnerability in the Linux kernel's RDMA subsystem can lead to a kernel crash when accessing certain sysfs nodes. This issue arises because the 'ib_port' structure must be properly initialized before the sysfs kobject is added, and must be cleared after it is removed. Failure to do so can result in a null pointer dereference, causing a system crash. The vulnerability affects Linux kernel versions through 4.19.161-mlnx.47.gadcd9e3, particularly in the RDMA core and OpenVSwitch modules.

Impact

Exploitation of this vulnerability causes a kernel panic due to a null pointer dereference, which can lead to a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by accessing the sysfs node related to an 'ib_port' that has not been properly initialized or has been removed without clearing the associated sysfs entry. This can be done by triggering a read operation on the sysfs node for the RDMA 'ib_port' before it is fully set up or after it has been torn down, which will result in a kernel crash.

Remediation

Users can upgrade to a patched version of the Linux kernel that includes the necessary validation for the 'ib_port' structure before sysfs access. The specific commit that addresses this vulnerability is 5e15ff29b156bbbdeadae230c8ecd5ecd8ca2477.