Linux Kernel Intel Pstate Turbo Disable Crash Vulnerability

A vulnerability in the Linux kernel's Intel Pstate driver can lead to a system crash when turbo boost is disabled. This issue occurs on systems booted with the 'nosmt' kernel command line argument or with 'maxcpus' to limit the number of active CPUs. The crash happens because the 'for_each_possible_cpu()' function includes CPUs that are not online, resulting in a NULL pointer dereference when the driver attempts to access CPU data. The problem was introduced in a previous commit that changed how maximum frequency updates are handled, and it has been reported as a bug in the Linux kernel bugzilla.

Impact

Disabling turbo boost can cause a system crash due to a NULL pointer dereference in the Intel Pstate driver, leading to a kernel panic.

Reproduction

To reproduce this vulnerability, boot the system with the 'nosmt' kernel command line argument or use 'maxcpus' to limit the number of active CPUs. Once the system is running, disable turbo boost by writing '1' to the '/sys/devices/system/cpu/intel_pstate/no_turbo' file. This action will trigger a crash, as the Intel Pstate driver attempts to access data for CPUs that are not online, resulting in a NULL pointer dereference and a kernel panic.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.