Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's x86 floating-point unit (FPU) handling of shadow stack registers has been addressed. The shadow stack registers are managed by XSAVE, but as supervisor state components that userspace cannot access, so they are not available through the standard ptrace interface for XSAVE state. A new ptrace get/set interface was therefore introduced for them, but the regset code did not properly verify that the shadow stack was active before allowing certain operations. As a result, warnings could be triggered when the shadow stack is not enabled, causing potential disruptions in the kernel's operation.
The vulnerability could cause the kernel to issue warnings about invalid operations, indicating that the shadow stack handling was not properly synchronized with the kernel's readiness to manage it. This could lead to unexpected behavior in processes that rely on shadow stack features.
The vulnerability can be reproduced by calling the ptrace regset get handler for shadow stack registers when the shadow stack is disabled. This will trigger a warning in the kernel, indicating that the operation was invalid because the necessary shadow stack support was not active.
Users should ensure that their Linux kernel is updated to a version where this vulnerability has been addressed.