Linux Kernel KCSAN Vulnerability: Unaligned Memory Read Issue in Instrumented Memory Function

Vulnerability

A vulnerability has been identified in the Linux kernel's KCSAN (Kernel Concurrency Sanitizer) module, specifically in the function that reads instrumented memory. The issue arises from the use of the READ_ONCE() macro, which on certain arm64 configurations is compiled to an atomic acquire (load-acquire) instruction. Such instructions require a naturally aligned address, so when the instrumented access is unaligned the read faults: the kernel reports an unhandled paging request caused by an alignment fault. The vulnerability affects Linux kernel versions 5.17 and later.
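The mechanism above comes down to two things: an atomic load needs a naturally aligned address for its access size, and a race detector does not need an atomic load at all, because all it has to do is snapshot a value twice and compare. The following user-space C program is an added illustration (not kernel code, and not the KCSAN source); the names is_naturally_aligned, read_any_alignment and value_changed_in_window are hypothetical, and the 16-byte sample buffer is constructed for the example. It shows the alignment condition that an atomic load imposes, a memcpy-based read that tolerates any address, and a watchpoint-style before/after comparison built on that read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added user-space illustration (not kernel code): the advisory describes a
 * KCSAN read of instrumented memory that used READ_ONCE(), which on some
 * arm64 configurations becomes an atomic acquire load and faults when the
 * address is not naturally aligned for the access size. Helper names below
 * are hypothetical and chosen for this example. */

/* 1 if ptr is naturally aligned for an access of `size` bytes (size must be
 * a power of two); 0 otherwise. This is the condition an atomic load needs. */
static int is_naturally_aligned(const void *ptr, size_t size)
{
    uintptr_t addr = (uintptr_t)ptr;
    return size != 0 && ((addr & (size - 1)) == 0);
}

/* Read 1/2/4/8 bytes at any address. memcpy lets the compiler emit loads
 * that tolerate misalignment (or byte-wise loads) instead of an atomic
 * instruction that requires alignment. Unsupported sizes return 0 (a choice
 * made for this example). */
static uint64_t read_any_alignment(const void *ptr, size_t size)
{
    uint8_t v1; uint16_t v2; uint32_t v4; uint64_t v8;
    switch (size) {
    case 1: memcpy(&v1, ptr, 1); return v1;
    case 2: memcpy(&v2, ptr, 2); return v2;
    case 4: memcpy(&v4, ptr, 4); return v4;
    case 8: memcpy(&v8, ptr, 8); return v8;
    default: return 0;
    }
}

/* Watchpoint-style value check: snapshot the location, let the watched
 * window elapse (modelled here by an optional callback that may write to
 * the location), snapshot again, and report whether the value changed.
 * Both snapshots use read_any_alignment(), so an unaligned watched address
 * carries no alignment requirement. */
typedef void (*window_fn)(void *ctx);

static int value_changed_in_window(const void *ptr, size_t size,
                                   window_fn during, void *ctx)
{
    uint64_t before = read_any_alignment(ptr, size);
    if (during)
        during(ctx);
    uint64_t after = read_any_alignment(ptr, size);
    return before != after;
}

/* Constructed sample: 16 bytes with a guaranteed 8-byte base alignment, so
 * sample_buf + 1 is definitely NOT aligned for a 4-byte access. */
static _Alignas(8) uint8_t sample_buf[16];

static void fill_sample(void)
{
    for (size_t i = 0; i < sizeof sample_buf; i++)
        sample_buf[i] = (uint8_t)i;
}

/* Writer standing in for a racing thread: flips a bit inside the
 * unaligned 4-byte field that spans sample_buf[1..4]. */
static void flip_bit_in_unaligned_field(void *ctx)
{
    uint8_t *buf = ctx;
    buf[3] ^= 0x80;
}

int main(void)
{
    fill_sample();
    const void *field = sample_buf + 1;

    printf("aligned for 4-byte access: %d\n", is_naturally_aligned(field, 4));
    printf("value read despite misalignment: 0x%08llx\n",
           (unsigned long long)read_any_alignment(field, 4));
    printf("changed with no writer: %d\n",
           value_changed_in_window(field, 4, NULL, NULL));
    printf("changed with racing writer: %d\n",
           value_changed_in_window(field, 4, flip_bit_in_unaligned_field,
                                   sample_buf));
    return 0;
}
```

The point to take away is that the alignment check fails for the field at offset 1 while the memcpy-based snapshot still reads and compares it correctly, which is the property a detector needs; an atomic acquire load would have been the wrong tool for that read on a strict-alignment target.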

Impact

Triggering this vulnerability causes an unhandled kernel paging request due to an alignment fault. A fault of this kind disrupts normal kernel operation and can potentially lead to a denial of service.

Reproduction

The vulnerability can be reproduced by triggering a KCSAN watchpoint setup, which involves using the KCSAN tool to monitor memory accesses. This can be done by creating a workload that accesses memory in a way that KCSAN can instrument, such as multi-threaded processes that read and write shared data. The unaligned instrumented read then raises a data abort exception, reproducing the conditions of the vulnerability.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest version can be found on the official Linux kernel website.

Added: Dec 8, 2025, 2:47 AM
Updated: Dec 8, 2025, 2:47 AM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          2.5
  exploitability  4.3
  remediation     7.7
  relevance       1.3
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.