Linux Kernel KASAN Initialization Vulnerability on RISC-V Architecture

Vulnerability

A bug in the Linux kernel's RISC-V memory-management code has been fixed. While KASAN (the Kernel Address Sanitizer) populates the page tables for its shadow region during boot, the kernel replaces the shared early shadow page-table directory with a freshly allocated directory for the range being populated. That new directory comes back zero-filled from the early allocator, and the affected code did not copy the early shadow directory's entries into it before installing it. Every other part of the shadow region that still depended on those entries therefore lost its translation, so the next read or write of KASAN shadow memory in such a range took a page fault and panicked the kernel. The bug affected the Linux kernel stable tree in releases before the fix. The fix was tested on QEMU in both the Sv57 and Sv48 virtual-memory (page-table) modes with a KASAN-enabled kernel configuration; in Sv48 the directory in question is the PUD level, and in Sv57 the same problem exists one level up, at the P4D.

Impact

Because the copy was missing, accesses to parts of the KASAN shadow region that still relied on the early shadow mapping faulted, and a fault at that point in initialization is fatal: the kernel panics during boot rather than in any recoverable context. The practical effect is a denial of service for kernels built with KASAN, which cannot come up at all and so cannot perform the memory-error detection KASAN exists for. KASAN is a debugging feature that is normally disabled in production builds, so a non-KASAN kernel on the same hardware is unaffected, and because the crash happens during kernel initialization, before any user space runs, there is nothing for an unprivileged user to trigger.

Reproduction

To reproduce the issue, boot a RISC-V Linux kernel built with CONFIG_KASAN=y in a QEMU virtual machine configured for the Sv48 or Sv57 virtual-memory mode. On an affected kernel, the KASAN shadow-population step allocates a new page-table directory without copying the early shadow entries into it, and the first read or write that touches a shadow range still covered by those entries faults, so the boot ends in a kernel panic. A fixed kernel boots normally on the same configuration, which also serves as the check that a backport took effect.
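The mechanism described in the Vulnerability and Reproduction sections is easier to see in a small user-space model than in prose. The following C program is an added example written for this page; it is not the kernel's code. It models the Sv48 page-table levels (pgd, pud, pmd) with 512-entry tables and a valid bit, sets up the early shadow mapping the way KASAN's early init does (every shadow pgd slot pointing at one shared early pud, every pud slot at one shared early pmd), and then populates one 1 GiB chunk of the shadow region either with or without copying the early template into the newly allocated pud. Table and function names, the shadow base address and the two-level depth of the walk are the model's own assumptions; the Sv57 case is the same one level higher, at the p4d.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PTRS_PER_TABLE 512ULL
#define PAGE_SHIFT     12
#define VALID          1ULL          /* model of the RISC-V PTE "V" bit */

/* Hypothetical shadow-region base for the model; any canonical address works. */
#define SHADOW_START 0xffffffc000000000ULL

struct table { uint64_t e[PTRS_PER_TABLE]; };

/* Sv48 levels: 3 = pgd, 2 = pud, 1 = pmd, 0 = pte; each index is 9 bits wide. */
static unsigned idx(uint64_t va, int level)
{
	return (unsigned)((va >> (PAGE_SHIFT + 9 * level)) & (PTRS_PER_TABLE - 1));
}

/* Tables are page-aligned allocations, so bit 0 of the pointer is free for VALID. */
static uint64_t      ptr_to_entry(const struct table *t) { return (uint64_t)(uintptr_t)t | VALID; }
static struct table *entry_to_ptr(uint64_t e)            { return (struct table *)(uintptr_t)(e & ~VALID); }

static struct table pgd;
static struct table early_shadow_pud;   /* shared by every shadow pgd slot after early init */
static struct table early_shadow_pmd;   /* its entries all map the early shadow page */

/* memblock_alloc() hands back zeroed memory: nothing in a fresh table is valid. */
static struct table *alloc_table(void)
{
	struct table *t = calloc(1, sizeof *t);
	if (!t)
		abort();
	return t;
}

/* Early init: the whole shadow region resolves through the two shared tables. */
static void early_init(void)
{
	memset(&pgd, 0, sizeof pgd);
	for (unsigned i = 0; i < PTRS_PER_TABLE; i++) {
		early_shadow_pmd.e[i] = VALID;
		early_shadow_pud.e[i] = ptr_to_entry(&early_shadow_pmd);
	}
	for (unsigned i = idx(SHADOW_START, 3); i < PTRS_PER_TABLE; i++)
		pgd.e[i] = ptr_to_entry(&early_shadow_pud);
}

/* Give the pgd slot covering va a private pud and map a real pmd for va.
 * copy_template chooses between the fixed behaviour (fill the new pud from
 * the early template first) and the buggy one (install it zero-filled). */
static void populate_pud(uint64_t va, int copy_template)
{
	unsigned pgd_i = idx(va, 3);
	struct table *base_pud = entry_to_ptr(pgd.e[pgd_i]);

	if (base_pud == &early_shadow_pud) {
		base_pud = alloc_table();
		if (copy_template)
			memcpy(base_pud, &early_shadow_pud, sizeof *base_pud);   /* the missing copy */
		pgd.e[pgd_i] = ptr_to_entry(base_pud);
	}

	struct table *pmd = alloc_table();
	for (unsigned i = 0; i < PTRS_PER_TABLE; i++)
		pmd->e[i] = VALID;
	base_pud->e[idx(va, 2)] = ptr_to_entry(pmd);
}

/* Hardware-style walk down to the pmd entry: 1 = translates, 0 = page fault. */
static int walk_ok(uint64_t va)
{
	uint64_t e = pgd.e[idx(va, 3)];
	if (!(e & VALID))
		return 0;
	e = entry_to_ptr(e)->e[idx(va, 2)];
	if (!(e & VALID))
		return 0;
	e = entry_to_ptr(e)->e[idx(va, 1)];
	return (e & VALID) != 0;
}

/* Populate one 1 GiB shadow chunk, then probe it and its neighbour, which
 * shares the pgd slot but still relies on the early template.
 * Returns bit 1 = populated chunk translates, bit 0 = neighbour translates. */
int simulate(int copy_template)
{
	uint64_t a = SHADOW_START;
	uint64_t b = SHADOW_START + (1ULL << 30);   /* next pud slot, same pgd slot */

	early_init();
	populate_pud(a, copy_template);
	return (walk_ok(a) << 1) | walk_ok(b);
}

int main(void)
{
	printf("without memcpy: 0x%x (neighbouring shadow chunk faults)\n", simulate(0));
	printf("with memcpy:    0x%x (both chunks translate)\n", simulate(1));
	return 0;
}
```

The probe address `b` is the interesting one: it is never populated explicitly, so it is only reachable through the entries inherited from the early template. Without the copy the new pud has a zero entry in that slot and the walk stops with a fault, which in the kernel is the panic reported above; with the copy the slot still points at the early shadow pmd and the access succeeds.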

Remediation

Update to a Linux kernel stable release that includes the fix. The change is a small addition to the RISC-V KASAN initialization code (arch/riscv/mm/kasan_init.c) that copies the contents of the early shadow page-table directory into the newly allocated directory before installing it; it can be backported on its own if moving to a newer kernel is not an option. Confirm the result by booting the patched kernel with KASAN enabled under QEMU in both Sv48 and Sv57 modes, the same configurations used to reproduce the panic.

Added: Dec 9, 2025, 5:15 PM
Updated: Dec 9, 2025, 5:15 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  4.3
remediation     7.7
relevance       1.4
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.