Linux Kernel PCI Endpoint Unlink Function Parameter Swapping Vulnerability

A vulnerability exists in the Linux kernel's PCI endpoint management, specifically within the unlink functions for primary and secondary EPC-EPF associations. The issue arises from a parameter order mismatch in the unlink functions, which incorrectly specifies the source and target items. This flaw leads to a kernel crash when the unlink command is executed in configfs, as the system is unable to properly handle the misaligned data, causing a paging request error. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a kernel crash due to a paging request error, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by linking two EPCs with an EPF using the configfs interface, and then attempting to unlink them. The unlink operation will fail, causing a kernel crash.

Remediation

Users can apply the available patch in the Linux kernel stable tree to fix this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel repository.