Linux Kernel NULL Pointer Dereference Vulnerability in SMC Link Group Management

Vulnerability

A vulnerability in the Linux kernel's Shared Memory Communication (SMC) implementation can lead to a NULL pointer dereference, causing a kernel crash. This issue arises in the 'smcr_port_add' function, where simultaneous additions or deletions of link groups in the 'smc_lgr_list' can disrupt the iteration process. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by triggering concurrent modifications to the 'smc_lgr_list', that is, adding or removing SMC link groups, while the 'smcr_port_add' function is iterating over it.

Remediation

The vulnerability has been addressed by modifying the 'smcr_port_add' function to include a lock mechanism that protects the iteration over the 'smc_lgr_list' from concurrent modifications. Users should update to the latest version of the Linux kernel where this fix has been applied.
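
The locking pattern described above, shown as an added userspace example (it is not the kernel patch and not code from this advisory). A pthread mutex stands in for the kernel's list lock, and the struct and function names are hypothetical.

```c
/* Userspace model of lock-protected list iteration. Not kernel code. */
#include <pthread.h>
#include <stdlib.h>

struct lgr { int id; struct lgr *next; };   /* hypothetical link group node */
static struct lgr *lgr_list;                /* stands in for smc_lgr_list */
static pthread_mutex_t lgr_lock = PTHREAD_MUTEX_INITIALIZER;

static int lgr_add(int id) {
    struct lgr *n = malloc(sizeof(*n));
    if (!n) return -1;
    n->id = id;
    pthread_mutex_lock(&lgr_lock);
    n->next = lgr_list;
    lgr_list = n;
    pthread_mutex_unlock(&lgr_lock);
    return 0;
}

/* Concurrent deleter: unlinks under the lock, frees after dropping it. */
static void *lgr_del_all(void *arg) {
    int *freed = arg;
    for (;;) {
        pthread_mutex_lock(&lgr_lock);
        struct lgr *n = lgr_list;
        if (n) lgr_list = n->next;
        pthread_mutex_unlock(&lgr_lock);
        if (!n) return NULL;
        free(n);
        ++*freed;
    }
}

/* Walker: the whole iteration holds the list lock, so no node can be
 * unlinked or freed while it is being visited. */
static int port_add_walk(void) {
    int seen = 0;
    pthread_mutex_lock(&lgr_lock);
    for (struct lgr *n = lgr_list; n; n = n->next) seen++;
    pthread_mutex_unlock(&lgr_lock);
    return seen;
}

/* Walk repeatedly while a second thread empties the list; returns nodes freed. */
static int run_race(int count) {
    pthread_t t; int freed = 0;
    for (int i = 0; i < count; i++) if (lgr_add(i)) return -1;
    if (pthread_create(&t, NULL, lgr_del_all, &freed)) return -1;
    while (port_add_walk() > 0) ;           /* keep iterating until empty */
    pthread_join(t, NULL);
    return freed;
}

int main(void) { return run_race(10000) == 10000 ? 0 : 1; }
```

Build with `cc -pthread`. If the lock is removed from `port_add_walk`, the walker can follow a `next` pointer into a node the deleter has already freed, which is the class of race the remediation closes.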

Added: Dec 30, 2025, 1:53 PM
Updated: Dec 30, 2025, 1:53 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.