Linux Kernel IDPF Driver Error Handling Vulnerability Leading to NULL Pointer Dereference

A vulnerability in the Intel IDPF driver of the Linux kernel can cause a NULL pointer dereference, leading to a kernel crash. This issue arises when the 'init_task' function fails during the driver loading process, leaving virtual ports and network devices uninitialized. If a hardware reset occurs after this failure, the service task tries to access these uninitialized resources, causing a crash. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a kernel crash due to a NULL pointer dereference, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by loading the affected IDPF driver into the Linux kernel. If the 'init_task' function fails during this process, the driver will not properly initialize the necessary virtual ports and network devices. Subsequently, if a hardware reset is triggered, the service task will attempt to access the uninitialized resources, resulting in a crash. This sequence of events can be observed in the kernel logs, where the reset and crash are recorded.

Remediation

The vulnerability has been addressed in a patch that improves the error handling in the 'init_task' function. This patch is included in the latest version of the Linux kernel stable tree.