Linux Kernel Cpufreq Qcom Write in Read-Only Memory Vulnerability

Vulnerability

A vulnerability in the Linux kernel's cpufreq component for Qualcomm processors has been addressed. The issue involved writing to a read-only memory region, which caused a kernel oops error. This vulnerability was introduced in version 5.7 and affected several subsequent versions. The problem arose because a pointer was defined to a character buffer stored in read-only memory, intended to hold a template for speed and version information. When the template was overwritten by a function, it resulted in a kernel oops. The vulnerability has been fixed by changing the storage of the template to a stack-based buffer that can be modified, preventing writes to read-only memory.
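The bug class described above, as an added userspace example that is not the kernel's code: a pointer to a string literal refers to read-only data, while an array initialised from the same literal is a writable stack copy. The function names, the template text and the format string are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed template: the page only says it holds speed and version info. */
#define NAME_TEMPLATE "speedXX-pvsXX-vXX"

/* BEFORE: 'name' points at the literal itself, which the toolchain places in
 * read-only data. The snprintf() write faults (a kernel oops in the driver,
 * SIGSEGV in userspace). Shown for comparison only; never called here. */
int name_into_literal(int speed, int pvs, int ver, const char **out)
{
    char *name = NAME_TEMPLATE;
    int n = snprintf(name, sizeof(NAME_TEMPLATE), "speed%d-pvs%d-v%d",
                     speed, pvs, ver);
    *out = name;
    return n;
}

/* AFTER: 'buf' is an array initialised from the literal, so it is a private,
 * writable copy on the stack. Returns the name length, or -1 if the formatted
 * name does not fit the template width or the caller's buffer. */
int name_into_stack(int speed, int pvs, int ver, char *out, size_t outlen)
{
    char buf[] = NAME_TEMPLATE;
    int n = snprintf(buf, sizeof(buf), "speed%d-pvs%d-v%d", speed, pvs, ver);

    if (n < 0 || (size_t)n >= sizeof(buf))
        return -1;                      /* truncated: wider than the template */
    if (outlen < (size_t)n + 1)
        return -1;                      /* caller's buffer too small */
    memcpy(out, buf, (size_t)n + 1);
    return n;
}

int main(void)
{
    char name[32];

    if (name_into_stack(1, 2, 3, name, sizeof(name)) > 0)
        printf("%s\n", name);
    return 0;
}
```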

Impact

Exploitation of this vulnerability led to a kernel oops, an internal error indicating a failure to handle a write operation to a read-only memory area. This type of error can cause system instability or crashes.

Reproduction

The vulnerability can be reproduced by triggering the cpufreq probe for Qualcomm Krait-based SoCs in the affected Linux kernel versions. This can be done by loading the cpufreq driver for these processors, which will execute the qcom_cpufreq_probe function. During this process, the vulnerability manifests as a kernel oops error, indicating a write to a read-only memory region.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux kernel stable tree.

Added: Sep 15, 2025, 9:48 PM
Updated: Sep 15, 2025, 9:48 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.