Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of socket-to-node mappings on x86 platforms using the UV code can lead to system errors. This issue arises when the number of CPUs is set lower than the actual count, causing the mapping information for unused CPUs to be unavailable. As a result, the kernel skips certain nodes or sockets while creating lookup tables, leaving behind placeholder values that can cause system crashes. The vulnerability affects several versions of the Linux kernel.
The vulnerability can cause system crashes due to unhandled placeholder values in the socket-to-node lookup tables.
The vulnerability can be reproduced by configuring the system to recognize fewer CPUs than are physically present. This can be done by setting the 'nr_cpus' parameter to a lower value, which will disable some CPUs and create a mismatch in the CPU-to-node mapping. Once this configuration is applied, the system will skip certain nodes or sockets when building the lookup tables, leaving behind placeholder values that can cause a crash.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.
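An added example (not part of the original advisory or of the kernel project): a shell check that flags hosts matching the trigger condition described above, a UV platform booted with `nr_cpus=` on the kernel command line, so they can be prioritised for the upgrade. It assumes UV systems expose `/sys/firmware/sgi_uv`; the function names are illustrative, and the check does not determine whether the running kernel already carries the fix.

```shell
#!/bin/sh
# Added example: flag UV hosts booted with an nr_cpus= limit.

# Print the value of the last nr_cpus= token in a kernel command line.
# Returns non-zero if the parameter is absent or not a plain number.
# Runs in a subshell so that disabling globbing does not leak out.
nr_cpus_from_cmdline() (
    set -f
    val=""
    for tok in $1; do
        case "$tok" in
            nr_cpus=*) val="${tok#nr_cpus=}" ;;
        esac
    done
    case "$val" in
        ""|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$val"
)

# Classify a host from its command line and a yes/no "is UV" flag.
uv_nr_cpus_status() {
    if n=$(nr_cpus_from_cmdline "$1"); then
        if [ "$2" = yes ]; then
            echo "review: UV host booted with nr_cpus=$n"
        else
            echo "not applicable: nr_cpus=$n set, but not a UV platform"
        fi
    else
        echo "not applicable: no nr_cpus limit on the command line"
    fi
}

# Check the running host.
# Assumption: /sys/firmware/sgi_uv is present only on UV systems.
check_host() {
    is_uv=no
    [ -d /sys/firmware/sgi_uv ] && is_uv=yes
    uv_nr_cpus_status "$(cat /proc/cmdline 2>/dev/null)" "$is_uv"
}

# Constructed sample command line, then the live host.
uv_nr_cpus_status 'BOOT_IMAGE=/vmlinuz ro nr_cpus=4 quiet' yes
check_host
```

A `review` result means the host meets the configuration described above; confirm the kernel version against the fixed releases before removing or keeping the `nr_cpus` limit.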