A Linux kernel bug that caused a kernel panic has been fixed and assigned CVE-2021-46957. It affected the RISC-V architecture: when sys_read was traced by a kprobe, the probed system call could continue running with interrupts disabled and trip a BUG_ON(), panicking the kernel. The fix went into the RISC-V kprobe implementation. This page walks through the symptom, the root cause, and the fix.

Original Issue

With a kprobe installed at sys_read, the traced call hit a BUG_ON() in __find_get_block. The line reported, fs/buffer.c:1251, is the BUG_ON(irqs_disabled()) in check_irqs_on(), which __find_get_block reaches through lookup_bh_lru; in other words, sys_read was executing with interrupts disabled when it should not have been. The panic looked like this:

[   65.708663] ------------[ cut here ]------------
[   65.709987] kernel BUG at fs/buffer.c:1251!
...
---cut---
[   65.738858] ---[ end trace fe93f985456c935d ]---

The issue could be reproduced from a root shell with tracefs mounted by creating a kprobe event on sys_read that fetches its three arguments from the RISC-V argument registers a0, a1 and a2, enabling it, and then reading the trace buffer (which itself goes through sys_read):

# create the probe at the entry of sys_read; %a0..%a2 are the RISC-V argument registers
echo 'p:myprobe sys_read fd=%a0 buf=%a1 count=%a2' > /sys/kernel/debug/tracing/kprobe_events
# arm the event
echo 1 > /sys/kernel/debug/tracing/events/kprobes/myprobe/enable
# reading the trace buffer invokes sys_read, which is now probed
cat /sys/kernel/debug/tracing/trace

Underlying Cause

Installing a kprobe replaces the first instruction of sys_read with an ebreak. When that ebreak executes, the kernel's breakpoint handler runs the probe's pre-handler (here, the trace event) and then single-steps the displaced original instruction out of line, from a slot that the kprobe code allocates in vmalloc space. Before the single step it saves the interrupted context's interrupt state (the SPIE bit of the saved sstatus, which sret copies back into SIE on return) and clears it, so that the stepped instruction runs with interrupts off; the saved state is meant to be restored once the step completes. On the affected kernels the fetch from the slot could raise an instruction page fault, because the slot's vmalloc mapping had not yet been populated in the current page table. The kprobe fault handler abandoned the single step and pointed the pc back at the probed address so the probe would be retried, but it did not restore the interrupt state it had saved. The retried probe then saved and later restored an already-disabled state, so sys_read continued with interrupts disabled, and its first buffer-cache lookup hit BUG_ON(irqs_disabled()).

The Fix

The fix is in the RISC-V kprobe fault handler. When a fault aborts the single step of a probed instruction, the handler now restores the interrupt state saved before the step (the counterpart of the save done when the step was set up) at the same time as it resets the current kprobe, so the retried probe and the probed function resume with the interrupt state the original context had. The change is the upstream commit titled "riscv: kprobes: Fix kernel panic when invoking sys_read traced by kprobe" in the kernel's official repository.
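To make the sequence described in the Underlying Cause and The Fix sections concrete, here is an added user-space model of the kprobe interrupt-state bookkeeping around the single-step slot. It is not kernel code and not the upstream patch: the helper names mirror the kernel's, the SR_SPIE bit position follows the RISC-V sstatus layout, and the probe and slot addresses are constructed placeholders. A `fixed` flag selects the pre-fix fault-handler path, which forgets to restore the interrupt state, or the post-fix path.

```c
/* Added example: a user-space model of how the RISC-V kprobe code saves and
 * restores the interrupt state around the single-step slot. This is NOT
 * kernel code; it mirrors the logic described above so the lost restore on
 * the page-fault path can be observed. SR_SPIE is bit 5 of sstatus as in the
 * kernel's csr.h; the addresses are constructed placeholders. */
#include <stdbool.h>
#include <stdio.h>

#define SR_SPIE    (1UL << 5)  /* previous interrupt enable; sret copies it into SIE */
#define PROBE_ADDR 0x1000UL    /* constructed: address of sys_read's first instruction */
#define SLOT_ADDR  0xf000UL    /* constructed: vmalloc'd single-step slot */

enum kprobe_status { KPROBE_NONE, KPROBE_HIT_SS };

struct pt_regs {
    unsigned long status;   /* sstatus as saved on exception entry */
    unsigned long epc;      /* pc the exception returns to */
};

struct kprobe_ctlblk {
    enum kprobe_status kprobe_status;
    unsigned long saved_status;
};

/* Save sstatus, then clear SPIE so the stepped instruction runs with
 * interrupts off. */
static void kprobes_save_local_irqflag(struct kprobe_ctlblk *kcb, struct pt_regs *regs)
{
    kcb->saved_status = regs->status;
    regs->status &= ~SR_SPIE;
}

static void kprobes_restore_local_irqflag(struct kprobe_ctlblk *kcb, struct pt_regs *regs)
{
    regs->status = kcb->saved_status;
}

/* Breakpoint hit: arrange to single-step the displaced instruction in the slot. */
static void setup_singlestep(struct kprobe_ctlblk *kcb, struct pt_regs *regs)
{
    kcb->kprobe_status = KPROBE_HIT_SS;
    kprobes_save_local_irqflag(kcb, regs);
    regs->epc = SLOT_ADDR;
}

/* The slot fetch raised an instruction page fault: abandon the step and retry
 * from the probe address. `fixed` selects the pre-fix or post-fix behaviour. */
static void kprobe_fault_handler(struct kprobe_ctlblk *kcb, struct pt_regs *regs, bool fixed)
{
    if (kcb->kprobe_status != KPROBE_HIT_SS)
        return;
    regs->epc = PROBE_ADDR;
    if (fixed)
        kprobes_restore_local_irqflag(kcb, regs);  /* the restore the fix adds */
    kcb->kprobe_status = KPROBE_NONE;
}

/* The step completed: restore the interrupt state and continue past the probe. */
static void kprobe_single_step_handler(struct kprobe_ctlblk *kcb, struct pt_regs *regs)
{
    kprobes_restore_local_irqflag(kcb, regs);
    regs->epc = PROBE_ADDR + 4;
    kcb->kprobe_status = KPROBE_NONE;
}

/* Walk the sequence the reproduction triggers: probe hit, slot faults on its
 * first use, probe retried, step succeeds, sys_read body runs. The same regs
 * object is reused because sret copies SPIE into SIE and the next exception
 * entry saves that SIE back into SPIE. Returns true if sys_read continues
 * with interrupts enabled, i.e. what check_irqs_on() would accept. */
bool sys_read_irqs_enabled_after_probe(bool fixed)
{
    struct kprobe_ctlblk kcb = { KPROBE_NONE, 0 };
    struct pt_regs regs = { .status = SR_SPIE, .epc = PROBE_ADDR };  /* entered with irqs on */

    setup_singlestep(&kcb, &regs);              /* first ebreak hit */
    kprobe_fault_handler(&kcb, &regs, fixed);   /* slot fetch faults */
    setup_singlestep(&kcb, &regs);              /* ebreak hit again after the retry */
    kprobe_single_step_handler(&kcb, &regs);    /* slot executes this time */

    return (regs.status & SR_SPIE) != 0;
}

int main(void)
{
    printf("pre-fix : sys_read runs with irqs enabled = %d\n",
           sys_read_irqs_enabled_after_probe(false));
    printf("post-fix: sys_read runs with irqs enabled = %d\n",
           sys_read_irqs_enabled_after_probe(true));
    return 0;
}
```

Without the fix the second save in setup_singlestep captures a status whose SPIE bit was already cleared by the first, aborted step, so the final restore leaves interrupts off; with the fix the fault handler puts the original state back before the retry, and the final restore returns SPIE set.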

Exploit Details

Triggering this requires local access with the privileges needed to create kprobe events through tracefs (normally root or CAP_SYS_ADMIN, which can already do far more damaging things), followed by any invocation of sys_read once the probe is active. The outcome is a kernel panic, i.e. a denial of service, not a privilege escalation, so the practical impact is limited; the realistic risk is an administrator or a tracing tool crashing a production RISC-V system by tracing a routine system call.

Conclusion

CVE-2021-46957 was a kernel-panic bug in the RISC-V kprobe implementation of the Linux kernel, triggered by tracing sys_read. It was fixed upstream by restoring the saved interrupt state when a fault aborts the single step of a probed instruction. Administrators of RISC-V systems should run a kernel that contains the fix before using kprobe-based tracing on them, and keep kernels patched against similar issues.

Timeline

Published on: 02/27/2024 19:04:06 UTC
Last modified on: 02/28/2024 14:06:45 UTC