Linux Kernel Ring Buffer Metadata Validation Vulnerability

A vulnerability in the Linux kernel's ring buffer management has been addressed. The issue arose because the validation process for the metadata of a mapped ring buffer did not check for duplicate entries in the subbuffer index array. This array is crucial for creating the ring buffer link list, as it orders the subbuffers and indicates the reader page. The lack of duplicate validation could lead to corruption in the ring buffer link list, potentially causing a kernel crash. Although the corruption from this vulnerability was initially limited to misrepresenting data without crashing the kernel, it highlighted a significant oversight in the validation process.

Impact

The vulnerability could lead to a kernel crash by corrupting the ring buffer link list, especially if duplicates were introduced on the writer side.

Remediation

The vulnerability has been resolved by enhancing the validation process to check for duplicates in the subbuffer array before creating the ring buffer link list.