Linux Kernel Remote Procedure Call Memory Copy Vulnerability for i.MX DSP Cores

A vulnerability in the Linux kernel's remote procedure call handling for i.MX DSP cores has been addressed. The issue arose because the internal RAM (IRAM) of the HiFi DSP only allows 32-bit write operations, as specified by the hardware documentation. Violating this restriction could lead to a kernel panic. To mitigate this, a custom implementation for memory copying and setting functions was introduced, ensuring compliance with the 32-bit write limitation.

Impact

The vulnerability could cause a kernel panic by violating the 32-bit write restriction, leading to a crash of the operating system.

Reproduction

The vulnerability can be reproduced by attempting to write to the IRAM of the i.MX DSP cores with data larger than 32 bits, which will result in a kernel panic. This can be done by loading a firmware image that does not comply with the 32-bit write requirement, causing the kernel to crash when the firmware is processed.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.