Linux Kernel PTP NULL Pointer Dereference Vulnerability in ice Driver During VSI Rebuild

A NULL pointer dereference vulnerability has been identified in the Linux kernel's ice driver, specifically within the PTP (Precision Time Protocol) functionality. This issue occurs during the virtual station interface (VSI) rebuild process, when PTP periodic work is improperly scheduled, leading to a crash. The vulnerability affects the Linux kernel stable tree, particularly in versions where this PTP work scheduling issue is present.

Impact

Exploitation of this vulnerability causes a kernel panic due to a NULL pointer dereference, disrupting system stability and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by initiating a VSI rebuild while PTP periodic work is queued to run. This can be done by canceling the PTP work, immediately queuing it again, and then starting the VSI rebuild. As the PTP work accesses the VSI's receive rings, which are not yet available, a NULL pointer dereference occurs, causing a kernel crash.

Remediation

Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability. The patch is included in the official Linux Git repository.