Linux Kernel ACPI NFIT Vulnerability Allowing Invalid Argument Conversion

A vulnerability in the Linux kernel's ACPI NFIT implementation can lead to improper argument handling, potentially causing undefined behavior. The issue arises in the function 'acpi_nfit_ctl()', which processes user-provided values related to NVDIMM bus families. The function first checks that the value is non-zero before converting it to an integer for comparison. This process can inadvertently allow invalid arguments to be passed, particularly if the original value is non-zero but the lower 32 bits are zero. Such a discrepancy can create a situation where 'acpi_nfit_ctl()' receives an invalid input, leading to potential misuse or exploitation of the function. Additionally, the current implementation only issues a warning for invalid inputs, which is insufficient to prevent further issues. It is recommended to immediately return an error upon detecting invalid user input, ensuring that all checks are applied to the original value before any conversion or processing.

Impact

Exploitation of this vulnerability could lead to undefined behavior in the kernel, potentially allowing for further exploitation or instability in the system.