Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:x86/alternatives: Disable KASAN in apply_alternatives()Fei has reported that KASAN triggers during apply_alternatives() ona 5-level paging machine: BUG: KASAN: out-of-bounds in rcu_is_watching() Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0 ... __asan_load4() rcu_is_watching() trace_hardirqs_on() text_poke_early() apply_alternatives() ...On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().KASAN gets confused when apply_alternatives() patches theKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_STARTstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.Fix it for real by disabling KASAN while the kernel is patching alternatives.[ mingo: updated the changelog ]
- https://git.kernel.org/stable/c/d35652a5fc9944784f6f50a5c979518ff8dacf61
No PoCs found on GitHub currently.