Linux Kernel RISC-V Reserved Memory Handling Vulnerability Causes Kernel Panic

Vulnerability

A vulnerability has been identified in the Linux kernel's handling of reserved memory on the RISC-V architecture. RISC-V uses an early version of the device tree to set up reserved memory, which leads to a mismatch when the reserved memory regions are accessed later. The panic occurs because the buffer's name is referenced through a pre-virtual-memory address, which is incorrect by the time it is used, and the kernel is unable to handle the resulting paging request. The vulnerability is present in Linux kernel version 6.0.0-rc1 and affects RISC-V systems, such as the Microchip PolarFire-SoC Icicle Kit.

Impact

The vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced on a RISC-V system running Linux kernel 6.0.0-rc1. During the boot process, the early version of the device tree is used to set up reserved memory. When the system attempts to access these reserved memory regions using the of_reserved_mem_lookup() function, it encounters a kernel panic. This happens because the memory addresses are not correctly translated to virtual memory, causing the kernel to fail when handling paging requests.
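
The pointer-lifetime mismatch described above, as a user-space C model added here for illustration (not kernel code and not the upstream patch). The node name "fabric-buf0", the mapping structs and the -2 return value that stands in for the panic are all constructed assumptions, and the scan-after-paging ordering is only one way to avoid the stale pointer in this model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model (constructed): a mapping is one copy of the device tree,
 * dereferenceable only while live != 0. Names and values are hypothetical. */
struct mapping { const char *base; size_t len; int live; };
struct rmem { const char *name; };   /* pointer INTO a mapping, not a copy */

static const char dtb_early[] = "fabric-buf0";  /* constructed node name */
static const char dtb_final[] = "fabric-buf0";  /* same blob, final address */
static struct mapping early_map = { dtb_early, sizeof dtb_early, 1 };
static struct mapping final_map = { dtb_final, sizeof dtb_final, 0 };

/* Virtual memory comes up: the early mapping disappears. */
static void paging_init_model(void) { early_map.live = 0; final_map.live = 1; }

static int ptr_live(const char *p)
{
    const struct mapping *maps[] = { &early_map, &final_map };
    for (size_t i = 0; i < 2; i++) {
        uintptr_t lo = (uintptr_t)maps[i]->base, a = (uintptr_t)p;
        if (maps[i]->live && a >= lo && a < lo + maps[i]->len)
            return 1;
    }
    return 0;
}

/* 0 = found, -1 = not found, -2 = the point where the kernel would fault. */
static int lookup_model(const struct rmem *r, const char *want)
{
    if (!ptr_live(r->name))
        return -2;
    return strcmp(r->name, want) == 0 ? 0 : -1;
}

/* scan_first != 0: record the name from the early tree, then enable paging.
 * scan_first == 0: enable paging first, then record from the final tree. */
int boot_then_lookup(int scan_first)
{
    struct rmem r;
    early_map.live = 1; final_map.live = 0;      /* reset to pre-paging state */
    if (scan_first) { r.name = early_map.base; paging_init_model(); }
    else            { paging_init_model(); r.name = final_map.base; }
    return lookup_model(&r, "fabric-buf0");
}

int main(void)
{ printf("%d %d\n", boot_then_lookup(1), boot_then_lookup(0)); return 0; }
```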

Remediation

The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest stable version of the Linux kernel where this issue has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.