Linux Kernel genirq IPI NULL Pointer Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of inter-processor interrupts (IPIs) can lead to a NULL pointer dereference. This issue occurs in the 'genirq' subsystem when the 'ipi_send_mask' or 'ipi_send_single' functions are called with an invalid interrupt number. The 'ipi_send_verify' function, which is invoked by these functions, does not properly validate its 'data' parameter. As a result, a NULL pointer is passed to 'irq_data_get_affinity_mask', causing a kernel oops when the pointer is dereferenced. This vulnerability has been addressed by adding a missing NULL pointer check in 'ipi_send_verify'.
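The check ordering described above, as an added example: a user-space model written for this page, not the kernel's source or its patch. The struct layouts, the three-argument signature, the sample interrupt table and every name prefixed model_ are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Simplified stand-ins for the kernel types (assumption, not the real layouts). */
struct cpumask  { unsigned long bits; };
struct irq_chip { const char *name; };
struct irq_data { struct irq_chip *chip; const struct cpumask *affinity; };

#define MODEL_NR_IRQS 4                       /* constructed table size */
static struct irq_chip model_chip = { "model-ipi" };
static const struct cpumask model_mask = { 0x3UL };   /* CPUs 0 and 1 */
static struct irq_data model_irqs[MODEL_NR_IRQS] = {
    [1] = { &model_chip, &model_mask },       /* only IRQ 1 is set up as an IPI */
};

/* Hypothetical lookup: NULL when the interrupt number has no irq_data. */
static struct irq_data *model_get_irq_data(unsigned int irq)
{
    if (irq >= MODEL_NR_IRQS || !model_irqs[irq].chip)
        return NULL;
    return &model_irqs[irq];
}

/* Loads a field through d, so a NULL d faults here. */
static const struct cpumask *irq_data_get_affinity_mask(struct irq_data *d)
{
    return d->affinity;
}

/* Model of ipi_send_verify with the NULL check done before data is used. */
static int ipi_send_verify(struct irq_chip *chip, struct irq_data *data,
                           unsigned int cpu)
{
    const struct cpumask *ipimask;

    if (!chip || !data)
        return -EINVAL;
    ipimask = irq_data_get_affinity_mask(data);
    if (!ipimask || cpu >= 8 * sizeof(ipimask->bits))
        return -EINVAL;
    return (ipimask->bits & (1UL << cpu)) ? 0 : -EINVAL;
}

/* Model of a sender: look up the interrupt, verify, report the result. */
int model_ipi_send_single(unsigned int irq, unsigned int cpu)
{
    struct irq_data *data = model_get_irq_data(irq);
    return ipi_send_verify(data ? data->chip : NULL, data, cpu);
}
```

With the check in place, an interrupt number that has no data is rejected with -EINVAL before the affinity mask is ever read.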

Impact

Exploiting this vulnerability triggers a kernel oops, an error that crashes the kernel and disrupts system operations.

Reproduction

To reproduce this vulnerability, call the 'ipi_send_mask' or 'ipi_send_single' functions with an invalid interrupt number. This will result in a NULL pointer being passed to 'irq_data_get_affinity_mask', where the NULL is dereferenced, causing a kernel oops.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Sep 16, 2025, 5:29 PM
Updated: Sep 16, 2025, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.