Linux Kernel PowerPC Code Patching Vulnerability Allows User Memory Access KASAN Report

Vulnerability

A vulnerability in the Linux kernel's handling of PowerPC code patching has been identified. This issue arises because the kernel's AddressSanitizer (KASAN) does not report user-memory-access errors during the instruction patching process, potentially leading to undetected memory access violations. The vulnerability was observed on a Talos II (Power9) system running kernel version 6.13, where KASAN reported a user-memory-access error related to the 'systemd' process. The issue stems from a recent change in how the kernel patches instructions, which inadvertently exposed a user-space memory access violation that KASAN failed to catch.

Impact

Exploitation of this vulnerability could lead to unreported user-memory-access violations, allowing for potential memory corruption or unauthorized access to user-space memory from kernel-space processes.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel PowerPC Code Patching Vulnerability Allows User Memory Access KASAN Report

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating