CVE-2021-46940 - Linux Kernel Vulnerability: Fixing Offset Overflow in tools/power turbostat

A vulnerability has been discovered and fixed in the Linux kernel, specifically in the tools/power turbostat module. The issue is an offset overflow that can occur in the index-converting functions. In this post, we go over the vulnerability details, show the relevant code snippets, and link to the original references.

Vulnerability Details

The problem lies in the idx_to_offset() function, which returns a 32-bit signed integer (int). The value it is used with, MSR_PKG_ENERGY_STAT, is an unsigned 32-bit integer (u32), so when it is carried in an int it is interpreted as a negative number. That negative return value triggers a check in the update_msr_sum() function, and the check prevents the timer callback from updating the statistics in the background when long durations are used. Similar issues exist in the offset_to_idx() and update_msr_sum() functions.
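The sign problem described above can be reproduced in a small stand-alone program. This is an added example, not turbostat's own code: the index enum, the lookup table and the update_runs_*() helpers are hypothetical, the two MSR addresses are taken from the kernel's msr-index.h rather than from this page, and off_t is assumed to be 64 bits wide.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* MSR addresses as defined in the kernel's msr-index.h; the page names
 * MSR_PKG_ENERGY_STAT but does not show either value. */
#define MSR_PKG_ENERGY_STATUS 0x00000611U /* Intel RAPL, high bit clear */
#define MSR_PKG_ENERGY_STAT   0xc001029bU /* AMD RAPL, high bit set */

/* Hypothetical indices for this sketch, not turbostat's own enum. */
enum { IDX_INTEL_PKG, IDX_AMD_PKG, IDX_COUNT };
static const uint32_t msr_for_idx[IDX_COUNT] = {
    MSR_PKG_ENERGY_STATUS, MSR_PKG_ENERGY_STAT
};

/* Pre-fix shape: the u32 address is narrowed to a signed 32-bit int. */
static int idx_to_offset_int(int idx)
{
    if (idx < 0 || idx >= IDX_COUNT)
        return -1;                       /* "no such MSR" sentinel */
    return (int)msr_for_idx[idx];
}

/* Post-fix shape: off_t (assumed 64-bit) holds any u32 as a positive value. */
static off_t idx_to_offset_off_t(int idx)
{
    if (idx < 0 || idx >= IDX_COUNT)
        return -1;
    return (off_t)msr_for_idx[idx];
}

/* Model of the guard in update_msr_sum(): 1 if the update runs, 0 if skipped. */
static int update_runs_int(int idx)   { return idx_to_offset_int(idx) >= 0; }
static int update_runs_off_t(int idx) { return idx_to_offset_off_t(idx) >= 0; }

int main(void)
{
    for (int idx = 0; idx <= IDX_COUNT; idx++)
        printf("idx %d: int %d (runs=%d), off_t %lld (runs=%d)\n", idx,
               idx_to_offset_int(idx), update_runs_int(idx),
               (long long)idx_to_offset_off_t(idx), update_runs_off_t(idx));
    return 0;
}
```

With the int return type, the address with the high bit set is indistinguishable from the error sentinel, so the update is silently skipped. The address with the high bit clear is unaffected, and the wider type keeps both addresses valid while still rejecting an out-of-range index.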

Exploit Details

The vulnerability does not have any known exploits as of now. However, it is important to patch the issue to ensure the correct functioning of the turbostat module in the Linux kernel, preventing potential error propagation and system malfunctions.

Code Snippet

To fix this issue, the developers changed the data type for the affected functions from 'int' to 'off_t'. The code snippet below demonstrates the changes made to the idx_to_offset() function:

// Original code using 'int':
static int idx_to_offset(int idx)
{
    return idx * msr_pkg_energy_status_unit;
}

// Fixed code using 'off_t':
static off_t idx_to_offset(int idx)
{
    return (off_t) idx * msr_pkg_energy_status_unit;
}

Similar changes were made to the offset_to_idx() and update_msr_sum() functions.

Original References

1. The official patch for the vulnerability is available at the Linux kernel repository: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b95162528e1791fb7fab4cebb718556f7b1dd60
2. The Linux kernel mailing list conversation detailing the vulnerability and the fix can be found at: https://lore.kernel.org/lkml/20210420161229.3721286-1-adobriyan@gmail.com/

Conclusion

CVE-2021-46940 is a vulnerability related to an offset overflow issue in the Linux kernel's tools/power turbostat module. This issue has been fixed by changing the data type from 'int' to 'off_t' in the idx_to_offset(), offset_to_idx(), and update_msr_sum() functions. Make sure to apply the patch to your Linux kernel to prevent any potential issues related to this vulnerability.

Timeline

Published on: 02/27/2024 19:04:05 UTC
Last modified on: 04/10/2024 19:44:37 UTC