Linux Kernel Page Pool Error Handling Vulnerability in LAN966X Driver

A vulnerability exists in the Linux kernel's LAN966X Ethernet driver, specifically in the function responsible for allocating pages from the page pool for receive operations. The issue arises because the page_pool_create() function can return an error pointer on failure, but this potential error is not checked before the pointer is used. This oversight allows a null pointer to be dereferenced, leading to a kernel oops, which is a type of crash in the Linux kernel. The vulnerability affects the stable versions of the Linux kernel that include the LAN966X driver.

Impact

The vulnerability can be exploited by causing a null pointer dereference, leading to a kernel oops and potentially causing a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by loading the LAN966X Ethernet driver in a stable version of the Linux kernel that is vulnerable to this issue. Once the driver is loaded, the page_pool_create() function will be called without proper error handling, allowing the null pointer dereference to occur.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The official Linux kernel Git repository can be checked out for the latest stable releases.