Linux Kernel PowerPC RTAS Avoid Scheduling in rtas_os_term Vulnerability

A vulnerability in the Linux kernel's handling of the RTAS (Run-Time Abstraction Services) function 'ibm,os-term' has been identified. The issue arises in the PowerPC architecture, specifically within the 'rtas_os_term' function. The vulnerability can lead to a kernel panic, as the function improperly manages a busy status by using 'rtas_busy_delay()', which can cause the kernel to sleep and disrupt critical processes. This flaw has been introduced in the Linux kernel version 6.0.0-rc5 and has been present in several prior versions.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations by terminating the init process, which is crucial for system stability and management.

Reproduction

To reproduce this vulnerability, invoke the 'ibm,os-term' RTAS function from a context that does not allow sleeping, such as an interrupt handler or a real-time task. The 'rtas_os_term' function will call 'rtas_busy_delay()' to manage a busy status, which is unsafe in this context. This improper handling will trigger a kernel panic, as the system attempts to kill the init process, leading to a crash.

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version available in this repository to mitigate the issue.