Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:bpf: Fix softlockup in arena_map_free on 64k page kernelOn an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y,arena_htab tests cause a segmentation fault and soft lockup.The same failure is not observed with 4k pages on aarch64.It turns out arena_map_free() is callingapply_to_existing_page_range() with the address returned bybpf_arena_get_kern_vm_start(). If this address is not page-alignedthe code ends up calling apply_to_pte_range() with that unalignedaddress causing soft lockup.Fix it by round up GUARD_SZ to PAGE_SIZE << 1 so that thedivision by 2 in bpf_arena_get_kern_vm_start() returnsa page-aligned value.
No PoCs from references.
- https://github.com/fkie-cad/nvd-json-data-feeds