Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of crashkernel memory reservations can lead to a kernel crash. This issue arises when the crashkernel is configured with a high reservation and then shrunk below the low reservation threshold. The improper management of memory reservations can create invalid resource objects and, if the shrinking is done twice, cause a kernel crash due to a null pointer dereference. The vulnerability is present in the Linux kernel stable tree.
Shrinking the crashkernel memory reservation below a certain threshold can trigger a null pointer dereference that crashes the kernel and disrupts system operations.
To reproduce this vulnerability, configure the crashkernel with a high reservation, such as 200MB. After the system reserves this memory, attempt to shrink the reservation to a value below the low memory threshold, such as 50MB. The /proc/iomem file will still show the original 256MB reservation instead of the reduced amount. Further shrinking the reservation to 40MB will trigger a kernel crash.
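The mismatch described above can be checked from userspace. The following is an added example, not code from the kernel or from this advisory: it compares the "Crash kernel" ranges in /proc/iomem with the size reported by /sys/kernel/kexec_crash_size. It assumes a kernel where that sysfs file reports the sum of all crash kernel regions; the function names and the sample text are constructed for illustration.

```python
import re

# "start-end : name" as printed in /proc/iomem (hex addresses, inclusive end)
IOMEM_LINE = re.compile(r"^\s*([0-9a-f]+)-([0-9a-f]+) : (.+?)\s*$", re.I)

def crash_regions(iomem_text):
    """Return (start, end) for every 'Crash kernel' resource in /proc/iomem text."""
    regions = []
    for line in iomem_text.splitlines():
        m = IOMEM_LINE.match(line)
        if m and m.group(3) == "Crash kernel":
            regions.append((int(m.group(1), 16), int(m.group(2), 16)))
    return regions

def check_reservation(iomem_text, kexec_crash_size):
    """Compare what /proc/iomem shows with the size the kernel reports."""
    regions = crash_regions(iomem_text)
    if regions and all(s == 0 and e == 0 for s, e in regions):
        # Unprivileged readers get zeroed addresses; no conclusion possible.
        return ["addresses are masked: read /proc/iomem as root"]
    findings = []
    total = 0
    for start, end in regions:
        if end < start:
            # A range whose end precedes its start can never be valid.
            findings.append(f"invalid resource {start:#x}-{end:#x}")
        else:
            total += end - start + 1
    if total != kexec_crash_size:
        findings.append(f"/proc/iomem shows {total >> 20} MiB reserved, "
                        f"kexec_crash_size reports {kexec_crash_size >> 20} MiB")
    return findings

# Constructed sample: a 256 MiB region still listed after a shrink to 50 MiB.
SAMPLE_IOMEM = """\
00100000-7fffffff : System RAM
  6f000000-7effffff : Crash kernel
100000000-27fffffff : System RAM
"""

if __name__ == "__main__":
    # On a live host (as root) the real files are read instead of the sample.
    with open("/proc/iomem") as f, open("/sys/kernel/kexec_crash_size") as g:
        for finding in check_reservation(f.read(), int(g.read())):
            print(finding)
```

An empty result means the two views agree; any finding on a host whose reservation was shrunk is a reason to avoid further writes to the reservation until the kernel is updated.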
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.