Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's block cgroup (blk-cgroup) management can cause a kernel panic. This issue arises because certain fields in the 'blkg_iostat_set' structure are not properly re-initialized after being cleared, leading to a NULL pointer dereference. The problem was introduced by two previous commits that modified how I/O statistics are managed within cgroups. The lack of proper initialization can disrupt the expected functioning of the kernel, especially in debug modes where additional checks are required.
The vulnerability can cause a kernel panic, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be reproduced by allocating a 'blkcg_gq' structure using the 'blkg_alloc()' function. This allocation involves the 'blkg_iostat_set' structure, whose 'blkg' and 'sync' fields need proper initialization. However, these fields are not re-initialized after the 'blkg_iostat_set' is cleared in the 'blkcg_reset_stats()' function, which leads to the NULL pointer access and subsequent kernel panic.
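The clear-without-reinit pattern described above, as a simplified userspace model in C (an added example, not kernel source and not the upstream patch). All `model_*` names are hypothetical stand-ins, and the use of `memset` for the clear and of an `initialized` flag for the 'sync' field are assumptions made for illustration.

```c
#include <string.h>

/* Simplified userspace stand-ins for the kernel structures named above. */
struct model_sync { int initialized; };      /* stand-in for the 'sync' field */
struct model_blkg;
struct model_iostat_set {
    struct model_sync sync;
    struct model_blkg *blkg;                 /* back-pointer to the owning group */
    unsigned long long bytes, ios;           /* counters a stats reset should zero */
};
struct model_blkg { int id; struct model_iostat_set iostat; };

/* What allocation sets up: the back-pointer and the sync state. */
static void model_iostat_init(struct model_iostat_set *s, struct model_blkg *owner)
{
    s->sync.initialized = 1;
    s->blkg = owner;
}

/* Flawed reset: wiping the whole struct also wipes 'blkg' and 'sync'. */
static void model_reset_flawed(struct model_blkg *g)
{
    memset(&g->iostat, 0, sizeof(g->iostat));
}

/* Corrected reset: clear the counters, then re-initialize the other fields. */
static void model_reset_fixed(struct model_blkg *g)
{
    memset(&g->iostat, 0, sizeof(g->iostat));
    model_iostat_init(&g->iostat, g);
}

/* A later consumer follows s->blkg; returns -1 where the kernel would fault. */
static int model_owner_id(const struct model_iostat_set *s)
{
    if (s->blkg == NULL || !s->sync.initialized)
        return -1;
    return s->blkg->id;
}

int main(void)
{
    struct model_blkg g = { .id = 7 };
    model_iostat_init(&g.iostat, &g);
    model_reset_flawed(&g);
    int bad = model_owner_id(&g.iostat);     /* back-pointer lost after the clear */
    model_reset_fixed(&g);
    return (bad == -1 && model_owner_id(&g.iostat) == 7) ? 0 : 1;
}
```

The model returns an error where the real consumer dereferences the pointer unconditionally, which is why the kernel panics instead of failing gracefully.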
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel documentation.