Linux Kernel iavf Driver PTP Clock NULL Dereference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's iavf driver for Intel Ethernet can lead to a NULL pointer dereference. The issue arises because the PTP (Precision Time Protocol) clock management function ptp_clock_settime() incorrectly assumes that all PTP clocks have implemented the settime64() method. To address this, the settime64() method has been stubbed with an 'Operation Not Supported' error, preventing the NULL dereference. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can cause a NULL pointer dereference, leading to a crash of the affected component or system.

Reproduction

The vulnerability can be reproduced by registering a PTP clock with the iavf driver without implementing the settime64() method. When ptp_clock_settime() is called, it will attempt to dereference a NULL pointer, causing a crash.
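The failure and the fix described above, as an added userspace C model (not code from the kernel or the iavf driver). Every `model_` name is hypothetical and the sample values are constructed; the audit helper is an assumption added for review purposes, not part of the advisory.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only: hypothetical stand-ins for the kernel's time value
 * and per-clock callback table. Not the kernel's or the driver's code. */
struct model_ts { int64_t sec; long nsec; };
struct model_clock_ops {
    const char *name;
    int (*settime64)(struct model_clock_ops *ops, const struct model_ts *ts);
};

/* Core dispatch as the advisory describes it: the callback is assumed present. */
static int model_clock_settime(struct model_clock_ops *ops, const struct model_ts *ts)
{
    return ops->settime64(ops, ts);   /* a NULL pointer here is the crash */
}

/* Fix pattern from the advisory: a stub that reports "Operation Not Supported". */
static int model_settime64_stub(struct model_clock_ops *ops, const struct model_ts *ts)
{
    (void)ops; (void)ts;
    return -EOPNOTSUPP;
}

/* Review aid (assumption, not from the advisory): count callback tables that
 * the unconditional dispatch above cannot safely use. */
static size_t model_count_unsafe(const struct model_clock_ops *tbl, size_t n)
{
    size_t i, unsafe = 0;
    for (i = 0; i < n; i++)
        if (tbl[i].settime64 == NULL) unsafe++;
    return unsafe;
}

int main(void)
{
    struct model_ts ts = { 1, 0 };   /* constructed sample value */
    struct model_clock_ops tbl[2] = { { "before-fix", NULL }, { "after-fix", model_settime64_stub } };
    printf("tables missing settime64: %zu\n", model_count_unsafe(tbl, 2));
    printf("after-fix settime rc: %d\n", model_clock_settime(&tbl[1], &ts));
    return 0;
}
```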

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.

Added: Jan 5, 2026, 10:36 AM
Updated: Jan 5, 2026, 10:36 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.