Linux Kernel Slab Memory Vulnerability Leading to Invalid Address Dereference

A vulnerability in the Linux kernel's memory management can cause a kernel panic due to an invalid memory access. This issue arises in the slab allocator, where the 'obj_exts' field of a newly allocated slab page is not properly initialized. As a result, the low bits of 'obj_exts' can be set to an invalid address, leading to a null pointer dereference. This vulnerability was introduced in version 6.15.0-rc1 and has been observed to cause crashes during buffered I/O tests.

Impact

Exploitation of this vulnerability leads to a kernel panic, causing a fatal exception and stopping secondary CPUs, which disrupts system stability and can cause a denial of service.

Reproduction

The vulnerability can be reproduced by running buffered I/O tests with the 'bch2' (Burst Cache) module loaded, on a Linux kernel version that is affected by this vulnerability, such as 6.15.0-rc1. The crashes will occur due to the uninitialized 'obj_exts' field in the slab allocator, causing a null pointer dereference and a subsequent kernel panic.

Remediation

Users can upgrade to a patched version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel's official Git repository.