Linux Kernel Intel Ice Driver Transmit Timestamp Initialization Vulnerability

A vulnerability exists in the Linux kernel's Intel Ice driver, specifically in the handling of transmit (Tx) rings when the number of queues is changed via ethtool. The issue arises because the new Tx rings are allocated without properly initializing the transmit timestamps. This oversight leads to the timestamps being set to zero (due to the use of kcalloc for allocation), causing a NULL pointer dereference when a transmit timestamp is requested on the newly created ring.

Impact

Exploitation of this vulnerability leads to a NULL pointer dereference, causing a crash or denial-of-service condition by interrupting the normal operation of the affected system or application.

Reproduction

To reproduce this vulnerability, change the number of Tx queues for a network interface using ethtool. The Intel Ice driver will allocate new Tx rings, but the transmit timestamp field will not be properly initialized. When a transmit timestamp is requested on the new ring, the system will attempt to dereference a NULL pointer, leading to a crash.

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux kernel stable tree. Instructions for downloading the updated kernel can be found in the Linux kernel documentation.