Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference vulnerability has been identified in the Intel IDPF driver of the Linux kernel. It occurs when the driver is removed while the virtual port (vport) configuration has not been properly initialized, and it leads to a crash. The vulnerability was introduced in the commit that added support for preserving coalescing settings across device resets. The issue can be reproduced by creating a virtual function (VF) with a vport configuration that fails to initialize and then removing the driver, which triggers the NULL pointer dereference.
The vulnerability causes a kernel panic due to a NULL pointer dereference, which can lead to a denial of service by crashing the system.
The vulnerability can be reproduced by loading the IDPF driver and creating a virtual function (VF) that fails to initialize properly, leaving the vport configuration in a NULL state. Once this state is achieved, removing the driver will cause a NULL pointer dereference, leading to a kernel crash.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
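The failure mode described above, as an added user-space model rather than code from the IDPF driver or the upstream patch: a remove path that releases saved coalescing settings must skip vport configuration slots that were never initialized. All `demo_*` names, the structure layout and the slot count are assumptions made for illustration.

```c
#include <stdlib.h>

#define DEMO_MAX_VPORTS 4

/* Hypothetical model types; these are not the idpf driver's structures. */
struct demo_coalesce { unsigned int rx_usecs, tx_usecs; };

struct demo_vport_config {
    struct demo_coalesce *saved_coalesce; /* settings preserved across resets */
};

struct demo_adapter {
    struct demo_vport_config *vport_config[DEMO_MAX_VPORTS];
};

/* Bring up vports; a slot whose setup fails is left NULL. Returns slots set up. */
static int demo_init(struct demo_adapter *a, int fail_at)
{
    int ok = 0;
    for (int i = 0; i < DEMO_MAX_VPORTS; i++) {
        a->vport_config[i] = NULL;
        if (i == fail_at)
            continue; /* constructed failure: config is never allocated */
        struct demo_vport_config *cfg = calloc(1, sizeof(*cfg));
        if (!cfg)
            continue;
        cfg->saved_coalesce = calloc(1, sizeof(*cfg->saved_coalesce));
        a->vport_config[i] = cfg;
        ok++;
    }
    return ok;
}

/* Remove path: release saved settings, skipping never-initialized slots. */
static int demo_remove(struct demo_adapter *a)
{
    int released = 0;
    for (int i = 0; i < DEMO_MAX_VPORTS; i++) {
        struct demo_vport_config *cfg = a->vport_config[i];
        if (!cfg)
            continue; /* without this guard, cfg->saved_coalesce dereferences NULL */
        free(cfg->saved_coalesce); /* free(NULL) is a no-op if that allocation failed */
        free(cfg);
        a->vport_config[i] = NULL; /* a second remove call stays safe */
        released++;
    }
    return released;
}
```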