Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's handling of the Read-ahead Cache (RAC) flush for the Broadcom BCM6358 chipset. Enabling the RAC flush leads to kernel panics on BCM6358 devices using EHCI/OHCI, particularly when booting from the second thread (TP1). The bootloader does not properly initialize the RAC on this thread, which corrupts the instruction stream and triggers a reserved instruction fault in the kernel. This vulnerability affects Linux kernel versions prior to 5.10.16.
Enabling the RAC flush on BCM6358 devices can cause a kernel panic that halts the system and requires a manual reboot.
The vulnerability can be reproduced by booting a BCM6358 device with an affected Linux kernel version that has the RAC flush enabled. The kernel panic can be observed in the boot logs, where a reserved instruction fault is reported, indicating that the RAC flush has caused a crash.
The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version of the kernel to apply the fix.