Linux Kernel PCMCIA Resource Management Error Handling Vulnerability

A vulnerability in the Linux kernel's PCMCIA resource management can lead to illegal memory access. The issue arises in the 'do_validate_mem()' function, where the 'add_interval()' call does not properly handle errors. If memory allocation fails, a null pointer could be inserted into a linked list, causing unauthorized memory access when 'sub_interval()' is subsequently called. This vulnerability affects the Linux kernel stable group.

Impact

The vulnerability could be exploited to cause illegal memory access, potentially leading to memory corruption or other unintended behavior in the kernel.

Reproduction

The vulnerability can be reproduced by triggering a memory allocation failure in the 'add_interval()' function within the PCMCIA resource validation process. This can be done by simulating low memory conditions that cause 'kmalloc()' to fail, allowing a null pointer to be inserted into the memory management data structures. Once the null pointer is introduced, the subsequent call to 'sub_interval()' will access invalid memory, demonstrating the vulnerability.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.