Linux Kernel VA-Range Sanity Check Vulnerability in Arm64 Architecture

Vulnerability

A vulnerability in the Linux kernel's arm64 architecture code, concerning an incorrect sanity check for virtual address ranges, has been addressed. The existing validation logic, which excludes certain regions such as the KASAN shadow and module areas, was based on a historical error: the flawed condition was introduced when arm64 support was first added, and subsequent changes to the kernel's virtual address space were not properly reflected in the validation logic. This oversight could potentially lead to improper handling of memory mappings.

Impact

The vulnerability could cause incorrect memory mapping behaviors, potentially allowing for memory corruption or other unintended consequences in the kernel.

Reproduction

The vulnerability can be reproduced by triggering the 'create_mapping_noalloc' or 'update_mapping_prot' functions with a virtual address that falls within the KASAN shadow or module regions. The current sanity check will incorrectly exclude these addresses, leading to potential issues.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Dec 24, 2025, 1:22 PM
Updated: Dec 24, 2025, 1:22 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.