Linux Kernel i2c: i801 ACPI Lock Vulnerability Causes Kernel Panic

A vulnerability in the Linux kernel's i2c-i801 driver can lead to a kernel panic during boot. This issue arises when multiple udev threads concurrently access the i801 ACPI I/O handler, causing a NULL pointer dereference. The problem occurs because the first thread deregisters the ACPI-reserved area, while a second thread enters the handler before the area is fully unregistered. As a result, the i2c lock bus function attempts to use an unregistered area, leading to a crash. This vulnerability affects Linux kernel versions through 5.14.0-611.5.1.el9_7.x86_64.

Impact

Exploiting this vulnerability causes a kernel panic, disrupting the boot process and potentially leading to a system crash.

Reproduction

The vulnerability can be reproduced by booting a system with the affected Linux kernel version. During the boot process, multiple udev threads will access the i801 ACPI I/O handler concurrently, causing the vulnerability to manifest. This can be observed in the system logs, where the kernel panic and NULL pointer dereference errors will be recorded.

Remediation

Users can mitigate this issue by limiting the number of concurrent udev processes. Additionally, updating to a patched version of the Linux kernel is recommended.