Linux Kernel xtensa Simdisk Input Validation Vulnerability Leading to Denial-of-Service

A denial-of-service vulnerability has been identified in the Linux kernel's xtensa architecture, specifically within the simulated disk component. This issue arises from a lack of proper input size validation in the 'proc_write_simdisk' function. A malicious user could exploit this by sending a poorly sized value to 'memdup_user_nul()', potentially causing a kernel crash. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a kernel crash, causing a denial-of-service condition on the affected system.

Reproduction

The vulnerability can be reproduced by writing to the 'proc_write_simdisk' function without proper input size validation. This can be done by sending a value that is either too large or too small, which 'memdup_user_nul()' cannot handle, leading to a kernel crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.