Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's QED Ethernet and storage drivers can cause a buffer overflow. During the protection override dump process, the firmware may return an excessive number of GRC elements. Copying them writes past the end of a memory buffer allocated with kmalloc, causing a kernel panic. The panic message indicates an inability to handle a memory paging request, with the problematic address located just beyond the buffer's end. The issue arises in the QED Ethernet driver or the QEDF storage driver when certain debug features are accessed, particularly after a firmware update that introduced the vulnerability.
Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.
The vulnerability can be reproduced by triggering the QED protection override dump process through the QED Ethernet driver or the QEDF storage driver. This can be done by accessing the relevant debug features after the firmware has been updated to a version that introduces the vulnerability. The process will attempt to write an overridden window of data, which exceeds the allocated buffer size, causing a buffer overflow and subsequent kernel panic.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.
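The general shape of the defect class described above, as an added user-space example that is not the kernel's code or its actual patch: an element count reported by firmware is clamped to the destination buffer's capacity before copying. The function name, status codes, element size and sample data are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the page gives no sizes, so these are illustrative. */
#define ELEM_DWORDS 2u /* dwords per GRC element (assumption) */

enum dump_status { DUMP_BAD_ARGS = -1, DUMP_OK = 0, DUMP_TRUNCATED = 1 };

/*
 * Copy the elements the firmware reports into dst (hypothetical helper).
 * fw_elems is device-supplied and untrusted; dst_dwords is the capacity
 * of the kmalloc-style buffer, src_dwords the size of the firmware window.
 * An unchecked driver would copy fw_elems * ELEM_DWORDS dwords outright,
 * which is the out-of-bounds write the page describes.
 */
int dump_override_window(const uint32_t *src, size_t src_dwords,
                         uint32_t fw_elems, uint32_t *dst,
                         size_t dst_dwords, size_t *written)
{
    size_t n = fw_elems;
    int status = DUMP_OK;

    if (!src || !dst || !written)
        return DUMP_BAD_ARGS;
    /* Clamp to what the destination can hold, then to what exists. */
    if (n > dst_dwords / ELEM_DWORDS) {
        n = dst_dwords / ELEM_DWORDS;
        status = DUMP_TRUNCATED;
    }
    if (n > src_dwords / ELEM_DWORDS) {
        n = src_dwords / ELEM_DWORDS;
        status = DUMP_TRUNCATED;
    }
    memcpy(dst, src, n * ELEM_DWORDS * sizeof(uint32_t));
    *written = n * ELEM_DWORDS;
    return status;
}

int main(void)
{
    uint32_t fw_window[16] = {0};              /* constructed sample data */
    uint32_t buf[5] = {0, 0, 0, 0, 0xC0FFEEu}; /* buf[4] is a canary */
    size_t written = 0;
    /* Firmware claims 8 elements (16 dwords); buffer holds 4 dwords. */
    int st = dump_override_window(fw_window, 16, 8, buf, 4, &written);
    printf("status=%d written=%zu canary=%#x\n", st, written, (unsigned)buf[4]);
    return 0;
}
```

Returning a distinct truncation status lets the caller log that the firmware reported more data than expected instead of silently dropping it.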