Linux Kernel Powercap Intel RAPL Shift-Out-Of-Bounds Vulnerability

A shift-out-of-bounds vulnerability has been identified in the Intel RAPL powercap driver of the Linux kernel. This issue arises when a value is less than the time unit, causing the parameter for the ilog2() function to be zero, which in turn leads to a return value of -1. The unsigned 64-bit representation of -1 is too large for the shift exponent, triggering the out-of-bounds condition. The vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability causes a shift-out-of-bounds error, where the shift exponent exceeds the limits of a 32-bit integer, potentially leading to undefined behavior or memory corruption.

Reproduction

The vulnerability can be reproduced by writing a value to the RAPL time window that is less than the corresponding time unit. This can be done through the appropriate sysfs interface for RAPL power management.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest version can be found on the official Linux kernel website.