Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's KFD (Kernel Fusion Driver) module can cause a denial-of-service condition through improper management of debugfs entries. The issue arises because KFD process information was moved into the kernel's debugfs. With the current sequence of operations, the KFD debugfs directory can be removed while the corresponding process entries are still being cleared. The kernel then attempts to access a directory that no longer exists, which results in a NULL pointer dereference and a hang. This vulnerability affects several versions of the Linux kernel.
The vulnerability can be exploited to cause a kernel hang by dereferencing a NULL pointer, disrupting system operations and potentially requiring a reboot to recover.
To reproduce this vulnerability, load the KFD module and create some KFD processes. Then, remove the KFD debugfs directory before the KFD processes have been properly cleaned up. This can be done by manually deleting the debugfs entries or by unloading the KFD module without first terminating the KFD processes. The kernel will hang when it tries to access the removed debugfs directory for the processes that are still active.
Users can ensure that the KFD debugfs is properly managed by updating to a version of the Linux kernel that includes the latest KFD debugfs handling improvements. Instructions for downloading the patched kernel can be found on the official Linux kernel website.
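The teardown-ordering problem described above can be seen in a small user-space model. This is an added example, not kernel or KFD code: every name in it is hypothetical, and the "process entries first, directory last" ordering is an assumption about how the condition is avoided, not taken from the patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only; every name here is hypothetical, not a kernel symbol. */
struct dir  { int nentries; };       /* models the KFD debugfs directory */
struct proc { struct proc *next; };  /* a process owning one entry in it */
static struct dir  *root;            /* NULL once the directory is removed */
static struct proc *procs;

/* Create the directory and n processes, each with one entry under it. */
static void setup(int n)
{
    root = calloc(1, sizeof(*root));
    if (!root) abort();
    for (int i = 0; i < n; i++) {
        struct proc *p = calloc(1, sizeof(*p));
        if (!p) abort();
        p->next = procs;
        procs = p;
        root->nentries++;
    }
}

static void remove_root(void) { free(root); root = NULL; }

/* Free every process; return how many found their parent directory gone.
 * Each such hit is where unguarded code would dereference NULL. */
static int cleanup_processes(void)
{
    int stale = 0;
    while (procs) {
        struct proc *p = procs;
        procs = p->next;
        if (!root) stale++;          /* parent already removed */
        else root->nentries--;       /* normal entry removal */
        free(p);
    }
    return stale;
}

/* Ordering described above: directory removed while entries remain. */
int teardown_dir_first(int n) { setup(n); remove_root(); return cleanup_processes(); }
/* Assumed safe ordering: clear process entries, then remove the directory. */
int teardown_procs_first(int n) { setup(n); int s = cleanup_processes(); remove_root(); return s; }

int main(void)
{
    printf("dir first: %d stale\n", teardown_dir_first(3));
    printf("procs first: %d stale\n", teardown_procs_first(3));
    return 0;
}
```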