Linux Kernel OcteonTX2 Driver Initialization Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's OcteonTX2 Ethernet driver can cause a kernel panic. The issue arises during initialization of the Resource Virtualization Unit (RVU) driver, which incorrectly assumes that the Channel Group (CGX) and Logical MAC (LMAC) blocks are contiguous. With the introduction of new MAC blocks such as CN10K RPM and CN10K BRPM_USX, both LMACs and CGX blocks are non-contiguous. When the driver accesses a CGX or LMAC by ID under this false assumption, the access triggers the kernel panic. The vulnerability has been addressed by adding proper validation checks before these blocks are accessed.
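The following user-space C model illustrates the kind of validation described above. It is an added example, not the kernel driver's code or the upstream patch; the type names, function names, ID-space sizes and sample topology are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CGX  4   /* hypothetical ID-space sizes for this model */
#define MAX_LMAC 8

struct lmac { int id; };
struct cgx {
    uint32_t lmac_bmap;            /* bit n set => LMAC n is present */
    struct lmac lmacs[MAX_LMAC];
};

/* Constructed sample topology: CGX IDs 0 and 2 exist, 1 and 3 do not.
 * CGX 0 has LMACs 0 and 4; CGX 2 has LMACs 1 and 2. */
static struct cgx cgx0 = { .lmac_bmap = 0x11 };
static struct cgx cgx2 = { .lmac_bmap = 0x06 };
static struct cgx *cgx_tbl[MAX_CGX] = { &cgx0, NULL, &cgx2, NULL };

/* Validated lookup: each ID is range-checked and presence-checked before
 * any pointer is followed. Returns NULL for absent hardware. */
struct lmac *lmac_lookup(int cgx_id, int lmac_id)
{
    if (cgx_id < 0 || cgx_id >= MAX_CGX || !cgx_tbl[cgx_id])
        return NULL;               /* CGX ID out of range or not present */
    if (lmac_id < 0 || lmac_id >= MAX_LMAC ||
        !(cgx_tbl[cgx_id]->lmac_bmap & (1u << lmac_id)))
        return NULL;               /* LMAC ID out of range or not present */
    return &cgx_tbl[cgx_id]->lmacs[lmac_id];
}

/* Replays the ID walk that contiguous-ID code would perform (0..cnt-1) and
 * counts the accesses that would have landed on absent hardware. */
int count_invalid_contiguous_accesses(int cgx_cnt, int lmac_cnt)
{
    int bad = 0;
    for (int c = 0; c < cgx_cnt; c++)
        for (int l = 0; l < lmac_cnt; l++)
            if (!lmac_lookup(c, l))
                bad++;
    return bad;
}

int main(void)
{
    printf("invalid accesses: %d\n", count_invalid_contiguous_accesses(2, 2));
    return 0;
}
```

In this model, a walk that assumes two contiguous CGX blocks with two contiguous LMACs each reaches absent hardware on three of its four accesses, while never visiting the populated entries at CGX 2 or LMAC 4.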

Impact

The vulnerability leads to a kernel panic, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by initializing the RVU driver in a Linux kernel environment where the OcteonTX2 Ethernet driver is active. During initialization, the driver attempts to access CGX and LMAC blocks by ID, based on the incorrect assumption that they are contiguous. The resulting invalid access causes a kernel panic, crashing the system.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.

Added: Oct 7, 2025, 5:23 PM
Updated: Oct 7, 2025, 5:23 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.