Linux Kernel Buffer Overflow Vulnerability in Page Owner Management

A buffer overflow vulnerability has been identified in the Linux kernel's page owner management feature. This issue arises because the 'strlcpy' function is used to copy data into the 'current->comm' array, which does not guarantee a null-terminated string. The improper string handling can lead to out-of-bounds memory access. The vulnerability was discovered during a syzbot fuzzing session, where it triggered a kernel bug related to string length fortification, causing a crash.

Impact

Exploitation of this vulnerability leads to a buffer overflow, which can commonly be used to execute arbitrary code or cause a system crash.

Reproduction

The vulnerability can be reproduced by running a version of the Linux kernel that includes the flawed 'strlcpy' usage in the page owner management code. This can be done by using a kernel version that is prior to the patch addressing this vulnerability, such as 5.18.0-rc3.

Remediation

Users should upgrade to the latest stable version of the Linux kernel where this vulnerability has been patched.