Linux Kernel SEV/SNP Shutdown Vulnerability in Crypto CCP Driver Causes Null Pointer Dereference

A vulnerability in the Linux kernel's crypto CCP driver for SEV/SNP shutdown processes has been identified. The issue arises because the function '__sev_firmware_shutdown()' calls '__sev_platform_shutdown_locked()' with a NULL argument, leading to a null pointer dereference. This problem occurs during the shutdown process when the system is suspended to disk, causing a supervisor read access fault in kernel mode. The vulnerability has been addressed by modifying the shutdown function to pass a valid error pointer, allowing the error messages to be properly reported.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a kernel panic. During the shutdown process, the system experiences a supervisor read access fault in kernel mode, indicating a serious error that can disrupt normal operations.

Reproduction

The vulnerability can be reproduced by initiating a system hibernation process while the crypto CCP driver is active. This can be done by running a script or command that triggers the hibernate function, such as 'hib.sh'. The hibernation process will then encounter the error caused by the null pointer dereference, leading to a kernel panic.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.