Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's ptrace implementation for AArch64 tasks has been addressed. The issue arose because the 'ctrl' variable in the tagged_addr_ctrl_set() function was not properly initialized. This flaw allowed a SETREGSET call with a length of zero to read an uninitialized value, potentially leaking up to 64 bits of memory from the kernel stack. While the leak was limited to a specific stack slot and did not include a write capability, it could still expose sensitive information. The vulnerability occurred in the NT_ARM_TAGGED_ADDR_CTRL regset, which is used by native AArch64 tasks to manipulate each other. The problem has been fixed by ensuring the temporary value is initialized before copying the regset from userspace, similar to other regsets.
Exploitation of this vulnerability could lead to the unintentional disclosure of up to 64 bits of memory from the kernel stack, potentially leaking sensitive information.
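The pattern described above, as an added user-space model in C (not the kernel's code, and not taken from this advisory). The names task_model, copyin_model, set_before_fix, set_after_fix and the stale_slot parameter are hypothetical; stale_slot stands in for the uninitialized stack slot so the model stays well-defined, and seeding the temporary from the task's current value is this model's assumption about what "initialized" means.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the tracee's tagged address control state. */
struct task_model { long tagged_addr_ctrl; };

/* Models the regset copy-in step: copies at most `count` bytes, so a
 * zero-length SETREGSET leaves *dst exactly as it was. */
static void copyin_model(void *dst, size_t dst_size, const void *ubuf, size_t count)
{
    size_t n = count < dst_size ? count : dst_size;
    if (n)
        memcpy(dst, ubuf, n);
}

/* Before the fix: the temporary has no defined value when count == 0.
 * `stale_slot` is a constructed value modelling the old stack contents. */
void set_before_fix(struct task_model *t, const void *ubuf, size_t count, long stale_slot)
{
    long ctrl = stale_slot;               /* models "long ctrl;" left uninitialized */
    copyin_model(&ctrl, sizeof(ctrl), ubuf, count);
    t->tagged_addr_ctrl = ctrl;           /* stale data is consumed as the new setting */
}

/* After the fix: the temporary is initialized before the copy (assumed here
 * to be the task's current value), so a short write cannot expose stack data. */
void set_after_fix(struct task_model *t, const void *ubuf, size_t count)
{
    long ctrl = t->tagged_addr_ctrl;
    copyin_model(&ctrl, sizeof(ctrl), ubuf, count);
    t->tagged_addr_ctrl = ctrl;
}

/* Helpers returning the task's value after a write of `count` bytes of `user`. */
long result_before_fix(long current, long user, size_t count, long stale)
{
    struct task_model t = { current };
    set_before_fix(&t, &user, count, stale);
    return t.tagged_addr_ctrl;
}

long result_after_fix(long current, long user, size_t count)
{
    struct task_model t = { current };
    set_after_fix(&t, &user, count);
    return t.tagged_addr_ctrl;
}
```

When reviewing other regset setters for the same defect, the thing to look for is a stack temporary that is passed to the copy-in helper without first being assigned.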