Linux Kernel Unhandled Null Pointer Dereference Vulnerability in User Mode Linux

Vulnerability

A vulnerability in the Linux kernel's User Mode Linux (UML) architecture can lead to a null pointer dereference, causing a crash. The issue arises because the 'cpu_tasks' array is not fully initialized before some startup code, particularly with KCOV coverage tracking enabled, calls into functions carrying coverage instrumentation. The instrumentation consults the current task context, which is still null at that point, and the kernel crashes. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability causes a crash due to an unhandled null pointer dereference.

Reproduction

The vulnerability can be reproduced by running the Linux kernel in User Mode Linux with KCOV coverage tracking enabled. During early initialization, the 'cpu_tasks' array has not yet been set up when startup code calls into 'memparse()', which is coverage-instrumented. The coverage checks run with a null 'current' task context, and this sequence triggers the crash.

Remediation

The vulnerability has been addressed by statically initializing the 'cpu_tasks' array, ensuring that all entries are properly set before any coverage-related functions are called. Users can apply the latest patches from the Linux kernel stable tree to mitigate this issue.
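A constructed C model of the ordering hazard described above and of the static-initialization fix. This is an added example, not the kernel's code: the struct names, kcov_hook(), parse_mem() and the boot_*() functions are assumptions that mimic cpu_tasks, current, the KCOV hook and memparse() only in shape.

```c
/* Constructed model of the UML/KCOV initialization-order bug; not kernel code.
 * 'current' is modelled as cpu_tasks[0].task and every "instrumented" function
 * consults it through a KCOV-style hook before doing its real work. */
#include <stdlib.h>

struct task { int kcov_mode; };            /* only the field the hook needs */
struct cpu_task { struct task *task; };
static struct task init_task = { .kcov_mode = 0 };

/* Vulnerable layout: the slot stays NULL until runtime setup fills it. */
static struct cpu_task cpu_tasks_runtime[1];
/* Fixed layout: the slot is valid from the very first instruction. */
static struct cpu_task cpu_tasks_static[1] = { { &init_task } };

/* Model of the compiler-inserted coverage hook: 0/1 = coverage state of the
 * current task, -1 = 'current' is NULL (where the real kernel faults). */
static int kcov_hook(struct cpu_task *tasks)
{
    struct task *cur = tasks[0].task;
    if (cur == NULL)
        return -1;
    return cur->kcov_mode ? 1 : 0;
}

/* memparse()-style size parser ("64M" -> 67108864) with the hook at entry,
 * as any instrumented function would have. Sets *fault on a NULL current. */
static unsigned long long parse_mem(struct cpu_task *tasks, const char *s, int *fault)
{
    *fault = 0;
    if (kcov_hook(tasks) < 0) { *fault = 1; return 0; }
    char *end;
    unsigned long long v = strtoull(s, &end, 0);
    switch (*end) {
    case 'G': case 'g': v <<= 10; /* fall through */
    case 'M': case 'm': v <<= 10; /* fall through */
    case 'K': case 'k': v <<= 10; break;
    default: break;
    }
    return v;
}

/* Vulnerable boot order: the instrumented parser runs before cpu_tasks is
 * filled in at runtime. Returns 1 when the model would have crashed. */
static int boot_vulnerable(unsigned long long *mem)
{
    int fault;
    *mem = parse_mem(cpu_tasks_runtime, "64M", &fault);
    cpu_tasks_runtime[0].task = &init_task;   /* too late for the call above */
    return fault;
}

/* Same boot order with the statically initialized array: no fault. */
static int boot_fixed(unsigned long long *mem)
{
    int fault;
    *mem = parse_mem(cpu_tasks_static, "64M", &fault);
    return fault;
}
```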

Added: Jan 14, 2026, 3:47 PM
Updated: Jan 14, 2026, 4:56 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.