Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's tracing subsystem allows histogram values to be improperly modified, leading to a NULL pointer dereference. The histogram code cannot handle certain modifiers on a value: strings, stack traces, graphs, symbols, syscalls, or grouped values. When one of these unsupported modifiers is used, the kernel fails to handle the situation correctly and a segmentation fault results. The issue was triggered by writing a specific command to the kprobe_events file, which caused a data abort error and an internal 'Oops' error, indicating a serious fault in the kernel's handling of the event.
Exploitation of this vulnerability causes a kernel null pointer dereference, leading to a segmentation fault and a general protection fault, which are critical errors in the Linux kernel.
To reproduce this vulnerability, echo a command to the kprobe_events file that includes a value modifier not supported by the histogram, such as a string or a syscall. Then, set a histogram trigger that attempts to use the unsupported modifier. When the histogram is read, the kernel will encounter a null pointer dereference, causing a segmentation fault.