Zhixu Liu

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.21 Description: The issue is related to the `rcu-tasks` component in the Linux kernel, specifically with the `rcu tasks need gpcb()` function. When the kernel is built with `CONFIG FORCE NR CPUS=y`, it can lead to a system panic due to accessing a non-existent percpu `rtpcp` variable. The panic occurs because `nr cpu ids` is defined as `NR CPUS` instead of the actual number of possible CPUs, causing a page fault. The estimated number of potentially affected devices is not specified. Recommendations: For Linux kernel versions prior to 6.6.21, consider updating to a newer version to resolve the issue. As a temporary workaround, avoid using the `rcu tasks need gpcb()` function until a patch is available. Restrict access to the `rcu-tasks` component to minimize the risk of exploitation.