Linux Kernel SCSI Target TCM Loop NULL Pointer Dereference Vulnerability

A segmentation fault vulnerability has been identified in the Linux kernel's SCSI target TCM loop module. This issue arises in the function 'tcm_loop_tpg_address_show()' when the allocation of 'tl_hba->sh' fails in 'tcm_loop_driver_probe()'. Attempting to dereference a null pointer leads to a kernel NULL pointer dereference error, causing a crash. The vulnerability is present in the Linux kernel stable tree, specifically in versions through 6.6.104.2-4.azl3.

Impact

The vulnerability causes a kernel panic due to a NULL pointer dereference, which can lead to a denial of service by crashing the kernel and terminating all running processes.

Reproduction

The vulnerability can be reproduced by loading the TCM loop module in a Linux kernel version that is vulnerable. If the 'tl_hba->sh' allocation fails, any attempt to access this pointer in the 'tcm_loop_tpg_address_show()' function will result in a segmentation fault, crashing the kernel.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable repository.