Null Pointer Dereference in Linux Kernel vmbus Driver Impacting Multiple Environments
CVE-2023-53273
What is CVE-2023-53273?
The vulnerability in the Linux kernel's vmbus driver can lead to a null pointer dereference when channel allocation is not verified before use. Specifically, the function relid2channel() assumes that the vmbus channel array has already been allocated at the moment it is called. When a second kernel is booted in scenarios such as kdump/kexec, not all relids may be reset by the host as expected. A guest may therefore receive a vmbus interrupt during vmbus driver initialization, before vmbus_connect() completes or after it has failed entirely, and relid2channel() is then invoked against an unallocated channel array. Because this affects any system relying on vmbus, the fix adds a warning and error handling in relid2channel() so that invalid channel IDs are rejected rather than dereferenced.
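The following is an added, simplified model of the failure mode described above, not code from the Linux kernel. It assumes a hypothetical relid-indexed channel table (`struct vmbus_conn`, `channels`, `max_channels`) that is NULL until connection setup finishes, and shows an unchecked lookup beside a hardened one that refuses lookups before allocation and rejects out-of-range relids, as the fix does.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for a vmbus channel (added example). */
struct vmbus_channel {
    unsigned int relid;
    int open;
};

/* Hypothetical connection state: the table is NULL until "connect" completes,
 * mirroring the window in which vmbus_connect() has not yet finished. */
struct vmbus_conn {
    struct vmbus_channel **channels;
    unsigned int max_channels;
};

/* Unchecked variant: assumes the table exists and relid is in range.
 * An interrupt arriving before allocation dereferences a NULL table. */
struct vmbus_channel *relid2channel_unchecked(struct vmbus_conn *conn,
                                              unsigned int relid)
{
    return conn->channels[relid];
}

/* Hardened variant: warn and return NULL when the table is not allocated
 * or the relid is invalid, so the caller drops the interrupt instead. */
struct vmbus_channel *relid2channel_checked(struct vmbus_conn *conn,
                                            unsigned int relid, int *warned)
{
    if (conn->channels == NULL) {
        fprintf(stderr, "vmbus: relid %u before channel table allocated\n", relid);
        if (warned) (*warned)++;
        return NULL;
    }
    if (relid == 0 || relid >= conn->max_channels) {
        fprintf(stderr, "vmbus: invalid relid %u (max %u)\n", relid, conn->max_channels);
        if (warned) (*warned)++;
        return NULL;
    }
    return conn->channels[relid];
}

/* Simulated interrupt path: 1 if delivered to an open channel, 0 if dropped. */
int handle_interrupt(struct vmbus_conn *conn, unsigned int relid, int *warned)
{
    struct vmbus_channel *ch = relid2channel_checked(conn, relid, warned);
    if (ch == NULL)
        return 0;
    return ch->open ? 1 : 0;
}

/* Walks the three cases: interrupt before allocation (dropped), valid relid
 * after allocation (handled), stale out-of-range relid (dropped).
 * Returns 0 when all behave as expected. */
int demo(void)
{
    struct vmbus_channel ch3 = { .relid = 3, .open = 1 };
    struct vmbus_channel *table[8] = { 0 };        /* constructed sample table */
    struct vmbus_conn conn = { .channels = NULL, .max_channels = 8 };
    int warned = 0;

    int early = handle_interrupt(&conn, 3, &warned); /* before connect: dropped */
    conn.channels = table;                           /* connect completes */
    table[3] = &ch3;
    int ok  = handle_interrupt(&conn, 3, &warned);   /* valid relid: handled */
    int oob = handle_interrupt(&conn, 99, &warned);  /* stale relid: dropped */

    return (early == 0 && ok == 1 && oob == 0 && warned == 2) ? 0 : -1;
}

int main(void)
{
    printf("demo: %s\n", demo() == 0 ? "ok" : "FAILED");
    return 0;
}
```

Only the checked variant is exercised in `demo()`; calling `relid2channel_unchecked()` with `channels == NULL` would crash, which is the defect the check prevents.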
Affected Version(s)
Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23 < 176c6b4889195fbe7016d9401175b48c5c9edf68
Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23
Linux 8b6a877c060ed6b86878fe66c7c6493a6054cf23 < 8c3f0ae5435fd20bb1e3a8308488aa6ac33151ee