Linux Kernel NULL Pointer Dereference Vulnerability in Tracing Component

A NULL pointer dereference vulnerability has been identified in the Linux kernel's tracing component, specifically within the osnoise subsystem. This issue occurs in versions through 6.17.0-rc4-00201-gd69eb204c255. The vulnerability arises when the osnoise_cpus_write() function is called with a count of zero, leading to a crash. The function attempts to allocate memory for a CPU list using kmalloc(), but a zero size request is treated as valid, causing a NULL pointer dereference when the memory is accessed.

Impact

Exploitation of this vulnerability leads to a kernel crash due to a NULL pointer dereference, causing a denial of service condition.

Reproduction

The vulnerability can be reproduced by opening the file '/sys/kernel/debug/tracing/osnoise/cpus' for writing and then writing '0-2' with a count of zero. This triggers the NULL pointer dereference by passing an invalid parameter to the osnoise_cpus_write() function.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading can be found in the Linux kernel documentation.