Linux Kernel Logical Partition Device Name Registration Vulnerability

A vulnerability in the Linux kernel's handling of logical partitions in the ARM Firmware Framework for Advanced (FFA) has been addressed. Each physical partition can offer multiple services, each identified by a UUID. These services are represented as logical partitions with a unique combination of VM ID and UUID. However, the system currently fails to register more than one logical partition or service within a physical partition because the device name only includes the VM ID. Both the VM ID and UUID are available in the partition information, leading to registration conflicts. This issue was reported in the Linux kernel version 6.3.0-rc7.

Impact

The vulnerability could lead to a denial of service by causing the system to fail in registering logical partitions, which can disrupt service availability and functionality.

Reproduction

The vulnerability can be reproduced by attempting to register multiple logical partitions or services within the same physical partition. The system will fail to register all but one logical partition, leading to a duplicate filename error in the sysfs.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.