Linux Kernel Null Pointer Dereference Vulnerability in Memory Bandwidth Monitoring

A null pointer dereference vulnerability has been identified in the Linux kernel's memory bandwidth monitoring feature. When a Monitoring State Controller (MSC) that supports this feature is taken offline and then brought back online, the function 'mpam_restore_mbwu_state()' attempts to restore the bandwidth counter configuration. However, it fails to properly initialize a variable that holds the value read from the counter, leading to a dereference of a null pointer. This flaw causes a kernel oops, which can be observed in the call trace. The vulnerability has been addressed by modifying the code to ensure that the variable is correctly set before it is used, preventing the null pointer dereference.

Impact

Exploitation of this vulnerability leads to a null pointer dereference, causing a kernel oops and disrupting normal system operation.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archive.