Linux Kernel Bootlog Initialization Race Condition Vulnerability in accel/qaic Component

A race condition vulnerability has been identified in the Linux kernel's accel/qaic component. This issue arises from improper initialization ordering when handling bootlog data from the device. Specifically, the kernel queues buffers to receive data before all necessary resources are fully initialized. As a result, there is a risk of accessing uninitialized resources, which can lead to page faults. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause page faults due to the access of uninitialized resources, disrupting normal operation and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, load the accel/qaic component of the Linux kernel. Once the component is active, queue MHI buffers to receive bootlog data from the device. The vulnerability will manifest as a race condition between the data reception and the initialization of required resources, leading to a page fault when the uninitialized resources are accessed.

Remediation

The vulnerability has been addressed by fixing the initialization ordering to ensure all resources are properly set up before queuing buffers. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this issue.