Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A double free vulnerability has been identified in the Linux kernel's handling of thread management on the s390x architecture. The issue arises during fork(): the new task is created by duplicating the parent, which copies the parent's pointers to its guarded storage and runtime instrumentation control blocks, and those copied pointers are only cleared afterwards. If fork() fails after the duplication but before the pointers are cleared, the memory associated with the failed task is released, and the control blocks still owned by the parent are freed a second time. The double free manifests as a BUG_ON() failure or a KASAN splat when running syscall fuzz tests on s390x.
The double free corrupts slab memory. In principle this could be leveraged to execute arbitrary code; more readily, it causes a denial of service by crashing the system.
The vulnerability can be reproduced by running the Trinity syscall fuzzing tool on a Linux kernel with CONFIG_SLAB_FREELIST_HARDENED and KASAN enabled, specifically on the s390x architecture. The fuzzing process will trigger the fork() failure, leading to the double free condition.
The vulnerability has been addressed in the official Linux kernel repository. Users should upgrade to the latest version where this issue has been fixed.
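The following is an added, simplified model of the bug class the advisory describes, not the kernel's own code: a child task is produced by a shallow copy of its parent, so it inherits the parent's control-block pointers; if the copy then fails and the child's teardown releases those pointers, the parent's blocks are freed twice when the parent itself exits. The struct and function names (`task`, `gs_cb`, `ri_cb`, `copy_task_buggy`, `copy_task_fixed`, `release_task`) are hypothetical stand-ins, and the "free" is tracked through a small table so the demo itself stays memory-safe while still counting the second release.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a per-thread control block. */
struct ctl_block { int in_use; };

/* Hypothetical stand-in for the task's arch-specific thread state. */
struct task {
    struct ctl_block *gs_cb;   /* "guarded storage" control block */
    struct ctl_block *ri_cb;   /* "runtime instrumentation" control block */
};

/* Tracking allocator: records how many times each pointer is released and
 * only hands the memory back to libc on the first release, so a double free
 * is counted instead of corrupting the heap of this demo. */
#define MAX_TRACKED 16
static struct { void *ptr; int frees; } tracked[MAX_TRACKED];
static int ntracked;

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    if (p && ntracked < MAX_TRACKED) {
        tracked[ntracked].ptr = p;
        tracked[ntracked].frees = 0;
        ntracked++;
    }
    return p;
}

static void tracked_free(void *p)
{
    if (!p)
        return;
    for (int i = 0; i < ntracked; i++) {
        if (tracked[i].ptr == p) {
            if (tracked[i].frees++ == 0)   /* real free only once */
                free(p);
            return;
        }
    }
}

/* How many times a given block was released (1 is correct, 2 is the double free). */
int free_count(void *p)
{
    for (int i = 0; i < ntracked; i++)
        if (tracked[i].ptr == p)
            return tracked[i].frees;
    return -1;
}

/* Teardown of a task: releases whatever control blocks it points at. */
static void release_task(struct task *t)
{
    tracked_free(t->gs_cb);
    tracked_free(t->ri_cb);
    t->gs_cb = t->ri_cb = NULL;
}

/* Buggy ordering: the inherited pointers are still live when the copy fails,
 * so teardown of the failed child frees blocks the parent still owns. */
static int copy_task_buggy(struct task *child, const struct task *parent, int fail)
{
    *child = *parent;                 /* shallow copy shares gs_cb/ri_cb */
    if (fail) {
        release_task(child);          /* frees the parent's blocks */
        return -1;
    }
    child->gs_cb = child->ri_cb = NULL;
    return 0;
}

/* Fixed ordering: clear the inherited pointers immediately after the copy,
 * before any failure path can release them. */
static int copy_task_fixed(struct task *child, const struct task *parent, int fail)
{
    *child = *parent;
    child->gs_cb = child->ri_cb = NULL;
    if (fail) {
        release_task(child);          /* nothing shared left to free */
        return -1;
    }
    return 0;
}

/* Runs one scenario: parent owns both blocks, fork fails, parent later exits.
 * Returns how many times the parent's gs_cb was released. */
int run_scenario(int use_fixed)
{
    ntracked = 0;
    struct task parent = {
        tracked_alloc(sizeof(struct ctl_block)),
        tracked_alloc(sizeof(struct ctl_block)),
    };
    void *gs = parent.gs_cb;
    struct task child;
    int (*copy)(struct task *, const struct task *, int) =
        use_fixed ? copy_task_fixed : copy_task_buggy;

    copy(&child, &parent, 1);         /* injected fork() failure */
    release_task(&parent);            /* parent exits and frees its own blocks */
    return free_count(gs);
}

int main(void)
{
    printf("buggy: parent gs_cb freed %d times\n", run_scenario(0));
    printf("fixed: parent gs_cb freed %d times\n", run_scenario(1));
    return 0;
}
```

The model captures the ordering defect only: the kernel's real allocation and teardown paths are more involved, but the detection signal in the advisory (KASAN reporting a double free on the failed fork path under fuzzing) corresponds to the second release counted here, and the fix is the same in spirit: a copied task must not share ownership of parent-owned blocks across any point where the copy can still fail.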