Linux Kernel Crypto CCP Device Rebinding Null Pointer Dereference Vulnerability

A null pointer dereference vulnerability has been identified in the Linux kernel's crypto component, specifically within the CCP (Compression Control Protocol) driver. This issue occurs when the CCP device is rebound while the CONFIG_CRYPTO_DEV_CCP_DEBUGFS option is enabled. The rebinding process triggers a kernel crash due to a null pointer being accessed, which is not handled properly. The vulnerability has been observed on systems with AMD Ryzen processors.

Impact

Exploiting this vulnerability leads to a kernel crash, causing a denial of service by interrupting system operations and potentially requiring a manual reboot to restore functionality.

Reproduction

To reproduce this vulnerability, first ensure that the Linux kernel is compiled with the CONFIG_CRYPTO_DEV_CCP_DEBUGFS option enabled. Then, unbind a CCP device by writing its PCI address to the unbind file of the CCP driver. After unbinding, immediately bind the device again by writing the same PCI address to the bind file. This sequence of actions will trigger the null pointer dereference, causing a kernel crash.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.