Linux Kernel ACPI Processor Performance Check Vulnerability

A vulnerability in the Linux kernel's ACPI processor performance management can lead to issues when taking a CPU offline. The problem arises because a recent commit introduced a check that prevents the frequency Quality of Service (QoS) request from being added for processors lacking a performance object. This omission causes a warning to trigger when the CPU is later taken offline, as the frequency QoS object was never established. The vulnerability affects several versions of the Linux kernel, specifically in the stable branch.

Impact

The vulnerability can cause a warning to be triggered when a CPU is taken offline, due to the absence of a previously required frequency QoS object. This can lead to improper CPU management and potential performance issues.

Reproduction

The vulnerability can be reproduced by taking a CPU offline that has no performance object associated with it. This can be done by removing the CPU from the system's active list, which will trigger a warning because the frequency QoS object was not added due to the missing performance object. This warning indicates that the CPU management process has been disrupted, potentially leading to performance degradation.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.