Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's FEC (Fast Ethernet Controller) driver can lead to a null pointer dereference and subsequent system crash. This issue arises in the 'fec_enet_update_cbd' function, which calls 'page_pool_dev_alloc_pages' without handling the case where the allocation fails and returns NULL. Although this scenario is rare, it can occur under memory pressure, such as when writing to a SATA HDD over an SMB share. The vulnerability has been addressed by modifying the driver to handle the allocation error by dropping the current packet.
Exploitation of this vulnerability can cause a system crash due to a null pointer dereference.
The vulnerability can be reproduced by writing data over an SMB share to a SATA hard drive connected to an i.MX6Q system, particularly when the system is under memory pressure.
No specific remediation is mentioned, but adjusting the 'min_free_kbytes' setting in the Linux kernel can help alleviate the issue.
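The failure mode and the drop-the-packet fix described above, as an added user-space model (not the driver's code). All names are hypothetical, and `calloc` with a countdown stands in for 'page_pool_dev_alloc_pages' failing under memory pressure.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model; all names are hypothetical, not the FEC driver's. */
#define RING 4
struct rx_ring {
    unsigned char *page[RING];   /* buffer attached to each RX descriptor */
    unsigned dropped, nulls;     /* frames dropped; slots left holding NULL */
    int allocs_left;             /* allocations that succeed before simulated OOM */
};

/* Stand-in for the page allocator: returns NULL once the budget is used up. */
static unsigned char *model_alloc(struct rx_ring *r)
{
    return r->allocs_left-- > 0 ? calloc(1, 64) : NULL;
}

/* Unchecked refill: the slot is overwritten even when the allocation failed. */
static void rx_unchecked(struct rx_ring *r, unsigned i)
{
    free(r->page[i]);              /* models handing the filled page up the stack */
    r->page[i] = model_alloc(r);   /* may leave NULL in a live descriptor */
}

/* Checked refill: allocate first; on failure drop the frame, keep the old page. */
static void rx_checked(struct rx_ring *r, unsigned i)
{
    unsigned char *fresh = model_alloc(r);
    if (!fresh) { r->dropped++; return; }   /* frame lost, slot still usable */
    free(r->page[i]);
    r->page[i] = fresh;
}

/* Fill the ring, receive `pkts` frames, then count NULL slots and release pages. */
static struct rx_ring run(void (*rx)(struct rx_ring *, unsigned), int budget, int pkts)
{
    struct rx_ring r = { .allocs_left = budget };
    for (unsigned i = 0; i < RING; i++) r.page[i] = model_alloc(&r);
    for (int p = 0; p < pkts; p++) rx(&r, p % RING);
    for (unsigned i = 0; i < RING; i++) { r.nulls += !r.page[i]; free(r.page[i]); }
    return r;
}

int main(void)
{
    struct rx_ring a = run(rx_unchecked, 6, 6), b = run(rx_checked, 6, 6);
    printf("unchecked: %u NULL slots; checked: %u NULL slots, %u dropped\n", a.nulls, b.nulls, b.dropped);
    return 0;
}
```

In the unchecked path every descriptor ends up holding NULL, so the next use of any slot would dereference it; the checked path trades that crash for dropped frames.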