Linux Kernel Intel Pstate QoS Request Object Lifecycle Vulnerability

Vulnerability

A vulnerability in the Linux kernel's Intel Pstate driver can lead to a crash during CPU hot removal. The issue arises because the 'cpufreq_cpu_put()' call in 'update_qos_request()' is executed too early: the reference to the policy object is dropped before 'freq_qos_update_request()' is invoked, so that call can operate on a policy object that is no longer properly held, potentially causing a crash. Although CPU hot removal is currently only possible in virtual environments, it is formally supported.
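
The ordering problem described above, modelled in user space as an added example; it is not the kernel's code or the upstream patch. All struct and function names are hypothetical stand-ins, a 'freed' flag replaces a real free so the stale access can be observed safely, and hot removal is simulated as one call placed in the window between the put and the update.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; every name here is a hypothetical stand-in. */
struct policy { int refcount; bool freed; int min_freq; };
struct qos_req { struct policy *owner; };   /* request points back at its policy */

static void policy_get(struct policy *p) { p->refcount++; }
static void policy_put(struct policy *p) { if (--p->refcount == 0) p->freed = true; }

/* Simulated hot removal: the core drops its own reference. */
static void hot_remove(struct policy *p) { policy_put(p); }

/* Stand-in for the QoS update: reaches the policy through the request.
 * Returns -1 where real code would touch released memory. */
static int qos_update(struct qos_req *r, int khz) {
    if (r->owner->freed) return -1;
    r->owner->min_freq = khz;
    return 0;
}

/* Faulty order: reference dropped before the update runs. */
static int update_early_put(struct policy *p, struct qos_req *r, bool removal) {
    policy_get(p);
    policy_put(p);                 /* too early */
    if (removal) hot_remove(p);    /* constructed race window */
    return qos_update(r, 800000);
}

/* Safe order: reference held until the update has completed. */
static int update_late_put(struct policy *p, struct qos_req *r, bool removal) {
    policy_get(p);
    if (removal) hot_remove(p);    /* same window, object stays alive */
    int ret = qos_update(r, 800000);
    policy_put(p);
    return ret;
}

/* Runs one constructed scenario on a fresh policy holding one core reference. */
static int run(bool late_put, bool removal) {
    struct policy p = { .refcount = 1, .freed = false, .min_freq = 0 };
    struct qos_req r = { .owner = &p };
    return late_put ? update_late_put(&p, &r, removal) : update_early_put(&p, &r, removal);
}

int main(void) {
    printf("early put, hot removal: %d\n", run(false, true));
    printf("late put,  hot removal: %d\n", run(true, true));
    return 0;
}
```

Without a removal in the window both orderings succeed, which is why the early put goes unnoticed in normal operation.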

Impact

The vulnerability can cause a crash during the hot removal of a CPU device, which is currently only possible in a virtual environment.

Reproduction

The vulnerability can be reproduced by invoking the 'update_qos_request()' function under the Intel Pstate driver lock. This will trigger the 'cpufreq_cpu_put()' call before 'freq_qos_update_request()' has completed, creating a lifecycle issue with the QoS request object.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability.

Added: Nov 12, 2025, 10:40 PM
Updated: Nov 12, 2025, 10:40 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.