Linux Kernel Privileged Command IOCTL Memory Allocation Warning Vulnerability

A vulnerability in the Linux kernel's handling of user-controlled data in the Xen privileged command IOCTL can lead to improper memory allocation. If a user attempts to allocate memory larger than or equal to the maximum order, the allocation will fail, generating a warning that disrupts the system log. This issue arises in the 'privcmd_ioctl_mmap_resource' function, where the 'kdata.num' variable is user-controlled. The vulnerability has been addressed by modifying the memory allocation function to include a flag that suppresses warnings about large allocations.

Impact

Exploitation of this vulnerability could cause a denial of service by disrupting system logging and creating stack traces that complicate debugging.

Reproduction

The vulnerability can be reproduced by sending an IOCTL_PRIVCMD_MMAP_RESOURCE command to the Xen privileged command interface with a 'kdata.num' value that requests a memory allocation larger than the maximum order. This will trigger a failure in the 'kcalloc' function, causing a warning to be logged that interferes with normal system log processing.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.