Linux Kernel NULL Pointer Dereference Vulnerability in idpf Driver

A vulnerability in the Linux kernel's idpf driver can lead to a NULL pointer dereference. This issue occurs with SR-IOV enabled when the idpf_remove() function is called twice. The first call, made during the idpf_shutdown() process, can leave the adapter variable NULL. When idpf_remove() is called again, it attempts to access the NULL adapter, causing a kernel crash. The vulnerability can be triggered by manipulating the SR-IOV virtual function configuration and then rebooting the system.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, enable SR-IOV on a network interface that uses the idpf driver. Then, configure the number of virtual functions for the interface. After setting up the virtual functions, reboot the system. The kernel will dereference a NULL pointer, leading to a crash.

Remediation

The vulnerability has been addressed in the Linux kernel by modifying the shutdown process to prevent the NULL pointer dereference. Users should upgrade to the latest version of the kernel where this fix is applied.