Linux Kernel ibmvnic Driver Non-Fatal Reset Vulnerability Leading to Denial-of-Service

A vulnerability in the Linux kernel's ibmvnic driver can cause a denial-of-service condition. This issue arises when the driver resets its Byte Queue Limit (BQL) statistics after a non-fatal error, without accounting for transmitted data that is still in the process of being sent. The mismatch in the queued and completed byte counters can lead to a kernel crash. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a kernel crash due to a BUG_ON condition in the Byte Queue Limit handling, disrupting normal operations and potentially leading to a system recovery process.

Reproduction

The vulnerability can be reproduced by causing a non-fatal error in the ibmvnic driver, which can be simulated by introducing a condition that triggers the error without fully flushing the transmission buffers. When the driver is reopened after this non-fatal reset, it incorrectly resets the queue statistics, leading to a discrepancy that causes a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading can be found in the official Linux kernel documentation.