Linux Kernel SME Vector Length Reallocation Vulnerability on ARM64

Vulnerability

A vulnerability in the Linux kernel's handling of Scalable Vector Extension (SVE) state can lead to memory corruption. The issue arises on ARM64 when the SME vector length is changed: the SVE state buffer is sized from the task's vector lengths, so the change triggers a reallocation of that buffer, but the reallocation is performed before the new vector length is stored in the task structure. The allocation therefore uses the old vector length and can produce an undersized buffer. The defect was introduced while fixing the SVE state allocation process; it did not show up in tests on the ARM64 fixes branch but caused problems once merged into mainline.
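The ordering defect described above, modelled in user-space C so the effect of "reallocate, then update the length" can be seen next to the corrected order. This is an added illustration, not the kernel's code: the struct, the field names, the 32-register sizing rule and the vector lengths used are assumptions chosen to mirror the description (in the kernel the SVE state buffer is sized from the task's vector lengths, which is why an SME vector length change resizes it).

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a task's vector-length bookkeeping (assumption, not kernel code). */
struct task {
    unsigned int sve_vl;      /* SVE vector length in bytes */
    unsigned int sme_vl;      /* SME (streaming mode) vector length in bytes */
    unsigned char *sve_state; /* buffer holding the saved SVE register state */
    size_t sve_state_size;    /* bytes actually allocated for sve_state */
};

#define NUM_Z_REGS 32  /* number of Z registers modelled (simplified sizing rule) */

/* Bytes the state buffer must hold: 32 registers of the larger of the two VLs. */
static size_t required_state_size(const struct task *t)
{
    unsigned int vl = t->sve_vl > t->sme_vl ? t->sve_vl : t->sme_vl;
    return (size_t)NUM_Z_REGS * vl;
}

/* (Re)allocate the state buffer from whatever vector lengths the task currently records. */
static int realloc_state(struct task *t)
{
    size_t sz = required_state_size(t);
    unsigned char *p = realloc(t->sve_state, sz);
    if (!p)
        return -1;
    t->sve_state = p;
    t->sve_state_size = sz;
    return 0;
}

/* Buggy ordering: the allocation reads the stale VL, then the new VL is recorded. */
int set_sme_vl_buggy(struct task *t, unsigned int new_vl)
{
    if (realloc_state(t))
        return -1;
    t->sme_vl = new_vl;
    return 0;
}

/* Fixed ordering: record the new VL first so the allocation is sized for it. */
int set_sme_vl_fixed(struct task *t, unsigned int new_vl)
{
    t->sme_vl = new_vl;
    return realloc_state(t);
}

/* Invariant a save path relies on: the buffer can hold the current register state. */
bool state_buffer_fits(const struct task *t)
{
    return t->sve_state_size >= required_state_size(t);
}

/* Bounds-checked stand-in for a state save: refuses the write instead of overflowing. */
int save_state_checked(struct task *t)
{
    size_t need = required_state_size(t);
    if (need > t->sve_state_size)
        return -1;  /* the unchecked kernel path would write past the allocation here */
    memset(t->sve_state, 0xAB, need);
    return 0;
}

/* One scenario: both VLs start at 16 bytes, then the SME VL grows to 64 bytes.
 * Returns true when the buffer is large enough for the new length afterwards. */
bool scenario(int (*set_vl)(struct task *, unsigned int))
{
    struct task t = { .sve_vl = 16, .sme_vl = 16, .sve_state = NULL, .sve_state_size = 0 };
    if (realloc_state(&t))
        return false;
    bool ok = set_vl(&t, 64) == 0 && state_buffer_fits(&t) && save_state_checked(&t) == 0;
    free(t.sve_state);
    return ok;
}

int main(void)
{
    printf("buggy order: buffer fits = %s\n", scenario(set_sme_vl_buggy) ? "yes" : "no");
    printf("fixed order: buffer fits = %s\n", scenario(set_sme_vl_fixed) ? "yes" : "no");
    return 0;
}
```

With the buggy order the buffer is allocated for 32 × 16 = 512 bytes while the new length requires 32 × 64 = 2048, so the save path would overrun by 1536 bytes; the fixed order records the new length before sizing the allocation, and the invariant check passes. The same "size from the field you are about to change" pattern is worth grepping for in any code that reallocates per-object buffers.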

Impact

The vulnerability can cause memory corruption by writing SVE state into a buffer that is smaller than the new vector length requires, which may lead to undefined behavior and creates opportunities for exploitation.

Reproduction

To reproduce this vulnerability, change the SME vector length on an affected ARM64 Linux kernel. The issue manifests as memory corruption: the SVE state buffer is allocated using the old vector length, so it is too small for the new one, a mismatch that can be exploited.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Sep 15, 2025, 2:54 PM
Updated: Sep 15, 2025, 8:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.