Linux Kernel PowerPC Kprobes Null Pointer Dereference Vulnerability

Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's PowerPC architecture, specifically within the kprobes functionality. This issue arises in the 'arch_prepare_kprobe' function when a kprobe is set on a function that has been traced using ftrace. The ftrace-based kprobe does not generate the necessary instruction data, leading to a null pointer being read. As a result, the kernel attempts to access a user page at a null address, causing a crash. This vulnerability affects Linux kernel versions 6.0.0-rc3 and prior.

Impact

Exploitation of this vulnerability leads to a kernel panic due to a null pointer dereference, causing a crash of the running kernel.

Reproduction

To reproduce this vulnerability, first set a kprobe on the 'cmdline_proc_show' function by echoing the command into 'kprobe_events'. Then, add a probe for the next instruction at the ftrace location. This will trigger the null pointer dereference when the kernel attempts to read the instruction data, resulting in a crash.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.
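The failure described above and a guard against it, as an added example: this is a simplified user-space model, not the kernel's code or the upstream patch. The struct, function names and sample data are hypothetical, and it assumes the faulting read is a check of whether the probe at the preceding word sits on a prefixed instruction.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space stand-in for a registered probe (not struct kprobe). */
struct probe {
    uintptr_t addr;        /* probed address */
    bool ftrace_based;     /* serviced through ftrace */
    const uint32_t *insn;  /* saved instruction copy; NULL when ftrace_based */
};

bool is_prefixed(uint32_t w) { return (w >> 26) == 1; } /* primary opcode 1 = prefix */

const struct probe *find_probe(const struct probe *t, size_t n, uintptr_t addr)
{
    for (size_t i = 0; i < n; i++)
        if (t[i].addr == addr) return &t[i];
    return NULL;
}

/* Unguarded shape: a previous ftrace-based probe (insn == NULL) is dereferenced. */
int prepare_unguarded(const struct probe *t, size_t n, uintptr_t addr)
{
    const struct probe *prev = find_probe(t, n, addr - 4);
    return (prev && is_prefixed(*prev->insn)) ? -EINVAL : 0;
}

/* Guarded shape: skip the read when the previous probe has no saved copy. */
int prepare_guarded(const struct probe *t, size_t n, uintptr_t addr)
{
    const struct probe *prev = find_probe(t, n, addr - 4);
    return (prev && !prev->ftrace_based && prev->insn &&
            is_prefixed(*prev->insn)) ? -EINVAL : 0;
}

/* Constructed sample data: addresses and instruction words are made up. */
const uint32_t PREFIX_WORD = 0x06000000u, PLAIN_WORD = 0x60000000u;
const struct probe TABLE[] = {
    { 0x1000, true,  NULL },         /* ftrace-based, no saved copy */
    { 0x2000, false, &PREFIX_WORD }, /* ordinary probe, prefixed instruction */
    { 0x3000, false, &PLAIN_WORD },  /* ordinary probe, plain instruction */
};

int main(void)
{
    printf("%d %d\n", prepare_guarded(TABLE, 3, 0x1004), prepare_guarded(TABLE, 3, 0x2004));
    return 0;
}
```

Calling `prepare_unguarded` for address 0x1004 in this model reads through the NULL `insn` of the ftrace-based entry, which is the crash condition the description refers to; `main` exercises only the guarded path.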

Added: Dec 9, 2025, 2:32 AM
Updated: Dec 9, 2025, 2:32 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.