Linux Kernel PCI Endpoint NULL Pointer Dereference Vulnerability in DMA Channel Handling

Vulnerability

A NULL pointer dereference in the Linux kernel's PCI endpoint framework, specifically in the 'pci-epf-test' endpoint function driver, can crash the endpoint-side kernel. The driver's DMA channel pointers, 'dma_chan_tx' and 'dma_chan_rx', can remain NULL even after the driver's DMA initialization has run, and the DMA cleanup path releases both channels without first checking whether they were ever acquired. Releasing a NULL channel dereferences it and triggers a kernel oops. The issue affects the Linux kernel stable tree.

Impact

Dereferencing the NULL channel pointer causes a kernel panic on the system running the endpoint function, disrupting the PCIe endpoint and any service it provides; the practical outcome is a denial of service. Note that 'pci-epf-test' runs on endpoint-side hardware (a device exposing itself as a PCIe endpoint), so the affected system is the one configured with that function, not an ordinary host with a PCIe device plugged in.

Reproduction

The crash is reached when a 'pci-epf-test' function instance is brought up with DMA support on a system where one or both DMA channels are not actually acquired, leaving 'dma_chan_tx' or 'dma_chan_rx' NULL, and the instance is then torn down. The cleanup path that releases the DMA channels does not check the pointers before releasing them, so it dereferences NULL. In practice this means configuring the endpoint function (normally through the endpoint configfs interface) so that DMA is enabled but a channel is unavailable, then removing or unbinding the function so that its cleanup runs.
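To make the failure mode concrete, the following is an added example, not code from the kernel or from this advisory. It models the relevant fields of the driver's private structure and a mock of the dmaengine 'dma_release_channel()' call (the real kernel function dereferences its argument; the mock records a NULL argument instead of crashing, so the outcome is observable). The unchecked cleanup mirrors the behaviour the advisory describes; the hardened cleanup shows the check a fix would add: skip cleanup entirely when DMA was never set up, and release each channel only if its pointer is non-NULL. The structure and function names below are assumptions for illustration and do not match the kernel sources exactly.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's struct dma_chan (assumption, not the real type). */
struct dma_chan {
	int id;
};

/* Constructed stand-in for the DMA-related fields of the driver's private struct
 * (assumption: field names follow the advisory, the rest is omitted). */
struct pci_epf_test {
	bool dma_supported;
	struct dma_chan *dma_chan_tx;
	struct dma_chan *dma_chan_rx;
};

/* Outcome of one cleanup run: channels released, and NULL pointers that the
 * real dma_release_channel() would have dereferenced. */
struct cleanup_result {
	int released;
	int null_derefs;
};

/* Mock of dma_release_channel(): the real dmaengine API dereferences chan
 * immediately, so a NULL here is a kernel oops. The mock counts it instead. */
static void mock_dma_release_channel(struct dma_chan *chan, struct cleanup_result *r)
{
	if (!chan) {
		r->null_derefs++;
		return;
	}
	r->released++;
}

/* Cleanup as described in the advisory: both channels are released unconditionally. */
static void clean_dma_chan_unchecked(struct pci_epf_test *epf_test, struct cleanup_result *r)
{
	mock_dma_release_channel(epf_test->dma_chan_tx, r);
	epf_test->dma_chan_tx = NULL;
	mock_dma_release_channel(epf_test->dma_chan_rx, r);
	epf_test->dma_chan_rx = NULL;
}

/* Hardened cleanup: nothing to do if DMA was never enabled, and each channel is
 * released only if it was actually acquired. Clearing the pointer afterwards keeps
 * a second cleanup call from releasing the same channel twice. */
static void clean_dma_chan_checked(struct pci_epf_test *epf_test, struct cleanup_result *r)
{
	if (!epf_test->dma_supported)
		return;
	if (epf_test->dma_chan_tx) {
		mock_dma_release_channel(epf_test->dma_chan_tx, r);
		epf_test->dma_chan_tx = NULL;
	}
	if (epf_test->dma_chan_rx) {
		mock_dma_release_channel(epf_test->dma_chan_rx, r);
		epf_test->dma_chan_rx = NULL;
	}
}

/* Build an instance in a given state (constructed sample input) and run one of
 * the two cleanup paths over it. */
struct cleanup_result run_cleanup(bool dma_supported, bool have_tx, bool have_rx, bool hardened)
{
	static struct dma_chan tx = { .id = 1 };
	static struct dma_chan rx = { .id = 2 };
	struct pci_epf_test epf_test = {
		.dma_supported = dma_supported,
		.dma_chan_tx = have_tx ? &tx : NULL,
		.dma_chan_rx = have_rx ? &rx : NULL,
	};
	struct cleanup_result r = { 0, 0 };

	if (hardened)
		clean_dma_chan_checked(&epf_test, &r);
	else
		clean_dma_chan_unchecked(&epf_test, &r);
	return r;
}

int main(void)
{
	/* Partially initialised instance: tx acquired, rx missing. */
	struct cleanup_result bad = run_cleanup(true, true, false, false);
	struct cleanup_result good = run_cleanup(true, true, false, true);

	printf("unchecked: released=%d null_derefs=%d\n", bad.released, bad.null_derefs);
	printf("checked:   released=%d null_derefs=%d\n", good.released, good.null_derefs);
	return 0;
}
```

The interesting rows are the partially initialised ones (one channel acquired, the other NULL): the unchecked path releases the live channel and then dereferences the NULL one, while the checked path releases only what exists. When DMA is not enabled at all, the checked path returns without touching either pointer.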

Remediation

Upgrade to a kernel release from the Linux stable tree that contains the fix, which adds the missing NULL check before the DMA channels are released. Distribution kernels that track stable should pick up the backport; for self-built kernels, take the patched stable branch from the Linux kernel Git repository. Systems that do not run 'pci-epf-test' (which is only used on endpoint-side hardware) are not affected by this particular crash.

Added: Oct 28, 2025, 1:33 PM
Updated: Oct 28, 2025, 1:33 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.