Linux Kernel PowerPC Memory Hotplug Vulnerability in High Memory Validation

A vulnerability in the Linux kernel's PowerPC architecture has been identified, related to memory hotplug operations. The issue arises from a recent change that improved address validation against high memory values. This modification inadvertently triggered a kernel bug when handling direct access (DAX) persistent memory. The bug occurred during the execution of certain system calls, leading to a program check exception and a kernel panic. The vulnerability affects Linux kernel versions 5.19.0-rc3 and earlier.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting all processes and potentially leading to data loss.

Reproduction

The vulnerability can be reproduced by adding pages to the memory hotplug system on a PowerPC machine running an affected Linux kernel version. This can be done using the 'add_pages' command, which will trigger the high memory validation. If the added pages are DAX persistent memory, the kernel will encounter a bug that causes a panic.

Remediation

Users can update to a patched version of the Linux kernel that addresses this vulnerability. Instructions for updating the kernel can be found in the official Linux kernel documentation.