Linux Kernel VMCI Context Notification NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's VMCI (Virtual Machine Communication Interface) component can lead to a general protection fault (GPF). The issue arises in the 'vmci_host_setup_notify()' function: after the 'get_user_pages_fast()' call, the context's 'notify_page' can be left NULL. The code then proceeds to map and use that page, and the address derived from the missing page is non-canonical, which raises a GPF. The fix adds a check that 'notify_page' is not NULL before proceeding, so the function returns an error instead of faulting.
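As an added example, not the kernel's own code, the following is a user-space model of the patched 'vmci_host_setup_notify()' control flow. 'struct page', 'get_user_pages_fast()' and 'vmap()' are replaced by hypothetical stand-ins ('fake_get_user_pages_fast()', 'fake_vmap()'), the user page is constructed, and 'VMCI_ERROR_DUPLICATE_ENTRY' is given an assumed value, so the NULL 'notify_page' path can be exercised without a kernel.

```c
/* Added example, not the kernel's code: a user-space model of the patched
 * vmci_host_setup_notify() flow. struct page, get_user_pages_fast() and
 * vmap() are hypothetical stand-ins so the NULL notify_page path can be
 * driven from ordinary test input. */
#include <stddef.h>
#include <stdint.h>

#define PAGE_BYTES 4096
#define VMCI_SUCCESS 0
#define VMCI_ERROR_GENERIC (-1)
#define VMCI_ERROR_DUPLICATE_ENTRY (-2)   /* assumed value for the model */

struct page { uint8_t data[PAGE_BYTES]; };  /* stand-in for the kernel's struct page */

struct vmci_ctx {                           /* only the notify fields are modelled */
    struct page *notify_page;   /* page backing the user's notify flag */
    uint8_t *notify;            /* kernel-side pointer to that flag byte */
};

/* Constructed "user" page (page-aligned so the offset math matches the
 * kernel's). Addresses inside it are backed; any other address models the
 * advisory's condition: the call returns but leaves *pages NULL. */
static struct page user_region __attribute__((aligned(PAGE_BYTES)));

static int fake_get_user_pages_fast(unsigned long uva, struct page **pages)
{
    unsigned long base = (unsigned long)&user_region;
    *pages = (uva >= base && uva < base + PAGE_BYTES) ? &user_region : NULL;
    return 1;   /* a page count of 1 alone does not prove *pages is usable */
}

static uint8_t *fake_vmap(struct page *p) { return p->data; }  /* faults on NULL */

/* Patched flow: refuse to map when the pinned page is NULL. */
int vmci_host_setup_notify_model(struct vmci_ctx *ctx, unsigned long uva)
{
    if (ctx->notify_page)
        return VMCI_ERROR_DUPLICATE_ENTRY;   /* notify already set up */

    if (fake_get_user_pages_fast(uva, &ctx->notify_page) != 1) {
        ctx->notify_page = NULL;
        return VMCI_ERROR_GENERIC;
    }
    if (ctx->notify_page == NULL)            /* the check the fix adds */
        return VMCI_ERROR_GENERIC;

    /* Map the page and point notify at the flag byte within it. */
    ctx->notify = fake_vmap(ctx->notify_page) + (uva & (PAGE_BYTES - 1));
    return VMCI_SUCCESS;
}
```

Without the added check, the unbacked address would reach 'fake_vmap()' with a NULL page, which is the dereference the kernel fix prevents.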

Impact

Triggering this vulnerability causes a general protection fault, most likely from the non-canonical address, which can crash or destabilize the system.

Reproduction

The vulnerability can be reproduced by reaching 'vmci_host_setup_notify()' with a context whose 'notify_page' is NULL after the 'get_user_pages_fast()' call, which can occur under certain memory management conditions or with specific VMCI context configurations.

Remediation

Upgrade to the latest stable Linux kernel release, which includes the fix. Instructions for obtaining the patched kernel are available on the official Linux kernel website.

Added: Sep 15, 2025, 4:00 PM
Updated: Sep 15, 2025, 4:00 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.