Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of debug exceptions on the ARM64 architecture can lead to a kernel stack overflow. The issue is in the cortex_a76_erratum_1463225_debug_handler() function, which is called during debug exception handling and can be probed. If this function is probed and has not been inlined by the compiler, the probe causes recursive exceptions that overflow the kernel stack. The vulnerability is a regression introduced by a recent commit that removed a crucial annotation, allowing the function to be probed and to disrupt exception handling.
Exploitation of this vulnerability causes a kernel stack overflow, leading to a kernel panic and a crash of the affected system.
The vulnerability can be reproduced by probing the cortex_a76_erratum_1463225_debug_handler() function using kprobes. This can be done by echoing the probe command into the kprobe_events file, enabling the probe, and then triggering a debug exception or software breakpoint exception. The resulting stack overflow will cause a kernel panic, demonstrating the vulnerability.
Users can apply the latest patches from the Linux kernel stable branch to address this vulnerability.
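A read-only check for the condition described above, added here as an example and not part of the advisory or the kernel source: it reports whether the handler exists as a standalone (non-inlined) symbol, whether the kprobes blacklist covers it, and whether a probe already targets it. The function names, verdict strings and sample address are assumptions; the line formats are those of /proc/kallsyms, the debugfs kprobes/blacklist file and the tracefs kprobe_events file.

```shell
#!/bin/sh
# Added example: read-only exposure check for the handler named on this page.
# Paths are parameters so saved copies can be analysed offline.
SYM=cortex_a76_erratum_1463225_debug_handler

# Succeeds if field $2 of any line in file $1 is the symbol, a compiler
# clone of it (name.constprop.0, ...), or the symbol plus a "+offset".
field_has_sym() {
    awk -v s="$SYM" -v n="$2" '
        { t = $n; sub(/\+.*/, "", t) }
        t == s || index(t, s ".") == 1 { found = 1 }
        END { exit !found }' "$1"
}

# kallsyms lines: "<addr> <type> <name> [module]". Present = not inlined.
has_symbol()     { field_has_sym "$1" 3; }
# kprobes/blacklist lines: "<start>-<end> <name>".
is_blacklisted() { [ -r "$1" ] && field_has_sym "$1" 2; }
# kprobe_events lines: "<type>:<group>/<event> <symbol>[+off] [args]".
has_probe()      { [ -r "$1" ] && field_has_sym "$1" 2; }

# assess <kallsyms> <blacklist> <kprobe_events>
# Prints: not-exposed | probeable | probe-registered
assess() {
    if ! has_symbol "$1"; then echo not-exposed        # inlined or absent
    elif has_probe "$3"; then echo probe-registered    # a probe targets it
    elif is_blacklisted "$2"; then echo not-exposed    # kprobes refuse it
    else echo probeable                                # condition described above
    fi
}

# Constructed sample (not taken from a real system): handler emitted as a
# standalone symbol, empty blacklist, no registered probes.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ffff800010012340 t %s\n' "$SYM" > "$d/kallsyms"
    : > "$d/blacklist"; : > "$d/events"
    assess "$d/kallsyms" "$d/blacklist" "$d/events"
    rm -rf "$d"
}

# With three path arguments, assess those files; otherwise do nothing.
if [ "$#" -eq 3 ]; then assess "$@"; fi
```

On a live arm64 host, run it as root with /proc/kallsyms, /sys/kernel/debug/kprobes/blacklist and /sys/kernel/tracing/kprobe_events as the three arguments.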