Linux Kernel Uprobes Vulnerability Leading to Bad Page State Crash

Vulnerability

A vulnerability in the Linux kernel's uprobes functionality, which could crash the system with a bad page state error, has been addressed. The issue arises when a user probe interacts with the shared zero page: the page's reference count is mishandled, which triggers a reference count error and a bad page state warning. The bug was identified during syzkaller testing, where the incorrect handling of the zero page's reference count caused the page to be freed when it should not have been, and the kernel reported a bad page state error.

Impact

Exploitation of this vulnerability can crash the system: the kernel reports a bad page state because of incorrect reference counting on the shared zero page.

Reproduction

The vulnerability can be reproduced with a syzkaller test case that creates a file, writes data to it, and then opens the file. After mapping the file into memory, the test case registers a userfaultfd, which handles page faults for that mapping. It then triggers the bug by using the userfaultfd to request the zero page, which the kernel handles incorrectly, leading to the bad page state error.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  5.0
remediation     0.0
relevance       0.0
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.