Linux Kernel Cgroup Dmem NULL Pointer Dereference Vulnerability

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Linux kernel's memory accounting cgroup subsystem, specifically within the 'dmem' controller. The issue, present in versions 6.14 and later, is triggered when the 'max' limit is set without proper validation, leading to a kernel panic. It arises in the 'dmemcg_limit_write' function: an invalid region name can be parsed, and the kernel then crashes when it attempts to dereference a NULL pointer.
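The validation this class of bug calls for, as an added userspace example (not kernel source and not the upstream patch): a limit-write handler that rejects an unknown region name before the lookup result is ever dereferenced, and, going slightly beyond the case described, also rejects a missing or malformed limit token. The names `limit_write`, `find_region` and `struct region`, the sample region `drm/card0/vram0` and the `<region> <limit>` line format are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct region { const char *name; uint64_t max; }; /* hypothetical, not a kernel type */
static struct region regions[] = { { "drm/card0/vram0", UINT64_MAX } }; /* constructed */

static struct region *find_region(const char *name)
{
    for (size_t i = 0; i < sizeof(regions) / sizeof(regions[0]); i++)
        if (strcmp(regions[i].name, name) == 0)
            return &regions[i];
    return NULL; /* unknown name: caller must check before dereferencing */
}

/* Handle one "<region> <limit>" write in place; returns 0 or -EINVAL. */
int limit_write(char *buf)
{
    char *value, *end;
    struct region *r;
    uint64_t v = UINT64_MAX;

    buf[strcspn(buf, "\n")] = '\0';
    size_t n = strcspn(buf, " \t");
    if (n == 0 || buf[n] == '\0')
        return -EINVAL;        /* empty region name, or no limit token */
    buf[n] = '\0';
    value = buf + n + 1 + strspn(buf + n + 1, " \t");
    r = find_region(buf);
    if (!r)
        return -EINVAL;        /* reject here, before any r-> access */
    if (strcmp(value, "max") != 0) {
        if (!isdigit((unsigned char)value[0]))
            return -EINVAL;    /* empty, negative or non-numeric limit */
        errno = 0;
        v = strtoull(value, &end, 10);
        if (errno || *end != '\0')
            return -EINVAL;
    }
    r->max = v;
    return 0;
}

int main(void)
{
    char ok[] = "drm/card0/vram0 4096", bad[] = "bogus 4096";
    return limit_write(ok) == 0 && limit_write(bad) == -EINVAL ? 0 : 1;
}
```

Every rejected write returns an error to the writer and leaves the stored limit unchanged.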

Impact

Exploitation of this vulnerability leads to a kernel panic due to a NULL pointer dereference, causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by writing an invalid value to the 'dmem.max' file of a cgroup managed by the 'dmem' memory accounting controller. This can be done using a command that echoes an invalid region name into 'dmem.max', which will trigger the NULL pointer dereference when the kernel tries to process the invalid input.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed. Instructions for downloading the latest version can be found on the official Linux kernel website.

Added: Feb 14, 2026, 5:34 PM
Updated: Feb 14, 2026, 5:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.