Linux Kernel Intel Graphics Virtualization Technology Debugfs Cleanup Vulnerability

A vulnerability in the Linux kernel's Intel Graphics Virtualization Technology (GVT) component can lead to a null pointer dereference. This issue arises when the GVT debug filesystem is destroyed without properly checking if the associated debugfs root is still available. If a device is unbound, the debugfs directory may have already been removed, causing a dangling pointer that leads to a kernel crash. This vulnerability affects Linux kernel versions through 6.1.0-rc8.

Impact

Exploitation of this vulnerability causes a kernel null pointer dereference, leading to a system crash.

Reproduction

The vulnerability can be reproduced by unbinding a device that has an active GVT debug filesystem. This can be done using a script that removes the device while the debugfs is still active, causing the GVT cleanup function to attempt to access a already removed debugfs root, resulting in a null pointer dereference.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been addressed.