Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A NULL pointer dereference has been identified in 'act_ife', part of the Linux kernel's packet scheduling (net/sched) code. Versions prior to the patch included in commit 03710cebfc0bcfe247a9e04381e79ea33896e278 are affected. The vulnerability was introduced when the 'ife' module was integrated into the 'act_ife' scheduler actions. In the 'tcf_ife_encode' function, the 'ife_encode' call can return NULL, and using that result leads to a general protection fault. The fault is reported as relating to a non-canonical address, that is, an invalid memory access.
Exploitation of this vulnerability causes a general protection fault due to a NULL pointer dereference, which can lead to a crash of the affected process or service.
The vulnerability can be reproduced by using the 'act_ife' scheduler component with a configuration that triggers the 'tcf_ife_encode' function. This can be done by setting up a traffic control (tc) action that includes the 'ife' module, and then classifying packets in a way that exceeds the maximum transmission unit (MTU) or by using specific action policies that provoke the NULL return from 'ife_encode'.
Users can upgrade to the latest version of the Linux kernel stable tree to address this vulnerability.
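The missing check described above, shown as a user-space C model added here for illustration; it is not kernel source and not the upstream patch. The names `model_pkt`, `model_encode` and `model_encode_checked`, the 2-byte length header and the 64-byte buffer are assumptions made for the model.

```c
/* User-space model of an encode helper that can return NULL (hypothetical names). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_HDR_LEN 2            /* assumed: 2-byte total-length header */

struct model_pkt {
    uint8_t  buf[64];              /* constructed packet buffer */
    size_t   headroom;             /* free bytes in front of the payload */
    unsigned drops;                /* packets dropped because encoding failed */
};

/* Reserves header + metadata space in the headroom. Returns a pointer to the
 * metadata area, or NULL when the space cannot be provided. */
static uint8_t *model_encode(struct model_pkt *p, size_t metalen)
{
    if (metalen > sizeof(p->buf) - MODEL_HDR_LEN || p->headroom > sizeof(p->buf))
        return NULL;
    size_t need = MODEL_HDR_LEN + metalen;
    if (need > p->headroom)
        return NULL;
    p->headroom -= need;
    p->buf[p->headroom]     = (uint8_t)(need >> 8);
    p->buf[p->headroom + 1] = (uint8_t)need;
    return &p->buf[p->headroom + MODEL_HDR_LEN];
}

/* Caller that checks the result before writing metadata through it.
 * Returns 0 on success, -1 when the packet is dropped and counted. */
int model_encode_checked(struct model_pkt *p, const uint8_t *meta, size_t metalen)
{
    uint8_t *dst = model_encode(p, metalen);
    if (dst == NULL) {             /* without this test, the memcpy below faults */
        p->drops++;
        return -1;
    }
    memcpy(dst, meta, metalen);
    return 0;
}

int main(void)
{
    const uint8_t meta[4] = {1, 2, 3, 4};
    struct model_pkt roomy = { .headroom = 16 }, tight = { .headroom = 3 };
    int r1 = model_encode_checked(&roomy, meta, sizeof(meta));
    int r2 = model_encode_checked(&tight, meta, sizeof(meta));
    printf("roomy=%d tight=%d drops=%u\n", r1, r2, tight.drops);
    return 0;
}
```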