Linux Kernel NULL Pointer Dereference Vulnerability in MANA VM Hibernation Process

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's handling of the MANA virtual machine during the hibernation process. When hibernation is initiated, the system calls 'mana_gd_suspend()' and 'mana_gd_resume()'. If 'mana_gd_resume()' encounters an error while creating a hardware context, the 'mana_port_debugfs' pointer is not properly reinitialized, leaving it to reference an outdated, cleaned-up directory entry. Subsequently, the 'mana_gd_shutdown()' function attempts to clean up this already cleared 'mana_port_debugfs' value, leading to a kernel crash. The error manifests as a NULL pointer dereference, causing a supervisor write access violation in kernel mode, and triggering a page fault error.
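The sequence described above can be modelled in user space. The following is an added example, not code from the kernel or from this advisory: apart from 'mana_port_debugfs', every name is hypothetical, and clearing the pointer after removal is shown as a general hardening pattern, not as the upstream patch. A static pool stands in for debugfs entries so that a second removal of the same entry is counted instead of crashing.

```c
/* Userspace model (constructed); only mana_port_debugfs is a name from the advisory. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct dentry { bool live; };                  /* stand-in for a debugfs directory */
struct port   { struct dentry *mana_port_debugfs; };

static struct dentry pool[4];                  /* static pool: stale access is detectable */
static size_t next_slot;
static int stale_removals;                     /* removals that hit an already-removed entry */

static struct dentry *dir_create(void) {
    struct dentry *d = &pool[next_slot++ % 4];
    d->live = true;
    return d;
}

/* NULL is ignored; a stale pointer is the point where the kernel would fault. */
static void dir_remove(struct dentry *d) {
    if (!d)
        return;
    if (!d->live) { stale_removals++; return; }
    d->live = false;
}

static void port_cleanup(struct port *p, bool hardened) {
    dir_remove(p->mana_port_debugfs);
    if (hardened)
        p->mana_port_debugfs = NULL;           /* never keep a pointer to a removed entry */
}

/* suspend -> resume (optionally failing before the entry is recreated) -> shutdown */
static int hibernate_cycle(bool resume_fails, bool hardened) {
    struct port p = { .mana_port_debugfs = dir_create() };
    stale_removals = 0;
    port_cleanup(&p, hardened);                /* suspend path */
    if (!resume_fails)
        p.mana_port_debugfs = dir_create();    /* resume path succeeded */
    port_cleanup(&p, hardened);                /* shutdown path, unaware of the failed resume */
    return stale_removals;
}

int main(void) {
    printf("unhardened, resume fails: %d stale removal(s)\n", hibernate_cycle(true, false));
    printf("hardened,   resume fails: %d stale removal(s)\n", hibernate_cycle(true, true));
    return 0;
}
```

Only the combination of a failed resume and an uncleared pointer produces a stale removal; a successful resume masks the defect because the pointer is overwritten with a fresh entry.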

Impact

This vulnerability causes a kernel crash due to a NULL pointer dereference, which disrupts the normal operation of the system and can lead to a denial of service.

Reproduction

To reproduce this vulnerability, initiate hibernation on a MANA VM running a vulnerable version of the Linux kernel. During the 'mana_gd_resume()' phase, introduce a failure in hardware context creation. This will cause the 'mana_port_debugfs' pointer to reference an invalid entry. Continue the hibernation process, which will trigger 'mana_gd_shutdown()'. This function will attempt to clean up the 'mana_port_debugfs' value, now pointing to a NULL address, causing a kernel NULL pointer dereference error.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.