Linux Kernel cpufreq Driver Kernel Panic Vulnerability

Vulnerability

A kernel panic vulnerability has been identified in the Linux kernel's cpufreq driver for AMD processors. This issue arises after loading the amd-pstate-ut driver, which fails to release the CPU policy properly. The functions amd_pstate_ut_check_perf() and amd_pstate_ut_check_freq() use cpufreq_cpu_get() to acquire the CPU policy and mark it as busy, but do not call cpufreq_cpu_put() to release it. As a result, any other entity attempting to access the policy is blocked indefinitely. This situation can occur when the amd_pstate mode is changed, leading to a task being blocked for an extended period, as indicated by kernel messages. The vulnerability has been addressed by modifying the driver to ensure that cpufreq_cpu_put() is called where necessary.
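The get/put imbalance described above, reduced to a userspace C model. This is an added example, not the kernel's or the driver's code. model_cpu_get(), model_cpu_put(), ut_check() and policies_still_held() are hypothetical stand-ins, and the rule that a mode change must wait until no policy is referenced is a simplifying assumption.

```c
#include <stdio.h>

#define NR_CPUS 4 /* constructed value for the model */

/* Userspace stand-in for a cpufreq policy; only the reference count is modelled. */
struct policy_model { int refs; };
static struct policy_model policies[NR_CPUS];

/* Models cpufreq_cpu_get(): returns the policy and takes a reference on it. */
static struct policy_model *model_cpu_get(int cpu)
{
    if (cpu < 0 || cpu >= NR_CPUS)
        return NULL;
    policies[cpu].refs++;
    return &policies[cpu];
}

/* Models cpufreq_cpu_put(): drops the reference taken by model_cpu_get(). */
static void model_cpu_put(struct policy_model *p) { if (p) p->refs--; }

/* fixed == 0: acquire without release, the pattern the advisory describes.
 * fixed != 0: every successful get is paired with a put. */
static int ut_check(int fixed)
{
    for (int cpu = 0; cpu < NR_CPUS; cpu++) {
        struct policy_model *p = model_cpu_get(cpu);
        if (!p)
            return -1;
        /* ... the unit test would inspect the policy here ... */
        if (fixed)
            model_cpu_put(p);
    }
    return 0;
}

/* Policies still referenced; in this model a mode change waits until this is 0. */
static int policies_still_held(void)
{
    int held = 0;
    for (int cpu = 0; cpu < NR_CPUS; cpu++)
        held += policies[cpu].refs > 0;
    return held;
}

int main(void)
{
    int after_fixed = (ut_check(1), policies_still_held());
    int after_leaky = (ut_check(0), policies_still_held());
    printf("fixed: %d held, leaky: %d held\n", after_fixed, after_leaky);
    return 0;
}
```

In the model, the leaky variant leaves every policy referenced after the check returns, which is the state in which a later mode change has nothing to wait on that will ever complete.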

Impact

Exploitation of this vulnerability leads to a kernel panic, causing tasks to be blocked indefinitely and potentially disrupting system operations.

Reproduction

To reproduce this vulnerability, load the amd-pstate-ut driver and then change the amd_pstate mode. This will cause a task to be blocked for more than 120 seconds, as the driver does not release the CPU policy properly, leading to a kernel panic.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Oct 4, 2025, 5:20 PM
Updated: Oct 4, 2025, 5:20 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.