Linux Kernel FineIBT Control Flow Integrity Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability has been identified in the Linux kernel's x86 architecture code: Rust code that calls the core formatting library can trigger a kernel panic when FineIBT (fine-grained Indirect Branch Tracking) is enabled. The formatting operation violates Control Flow Integrity (CFI) rules, which raises a Control Protection exception. The issue affects Linux kernel versions that allow FineIBT to be enabled by default when Rust is active, particularly when the Rust version in use is earlier than the upcoming Rust 1.88 release, which is expected to address this compatibility issue.

Impact

Exploitation of this vulnerability causes a kernel panic, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by enabling FineIBT in the Linux kernel while using a version of Rust prior to 1.88.0. When Rust code calls the formatting functions in the core library, the CFI violation occurs, leading to a kernel panic. This sequence of actions can be automated with a script that compiles Rust code with the vulnerable formatting calls, ensuring FineIBT is active in the kernel configuration.

Remediation

Users can prevent FineIBT from being enabled by default when Rust is used in the kernel. Additionally, updating to Rust 1.88.0 or later, once available, should resolve the issue.
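
One way to check a kernel build against the conditions above, as an added example that is not code from the kernel project or from this advisory. It assumes the upstream Kconfig symbols CONFIG_RUST, CONFIG_FINEIBT, CONFIG_CFI_AUTO_DEFAULT and CONFIG_RUSTC_VERSION, none of which are named on this page, and uses a constructed sample config.

```shell
#!/bin/sh
# Added example, not project code. Assumed names (not on the page): the upstream
# Kconfig symbols CONFIG_RUST, CONFIG_FINEIBT, CONFIG_CFI_AUTO_DEFAULT and
# CONFIG_RUSTC_VERSION (encoded as major*100000 + minor*100 + patch).

FIXED_RUSTC=108800   # Rust 1.88.0, the release the page names as the fix

# cfg_get SYMBOL TEXT: print the value of CONFIG_SYMBOL, or nothing if unset.
# "# CONFIG_X is not set" lines never match, so unset symbols read as empty.
cfg_get() {
    printf '%s\n' "$2" | sed -n "s/^CONFIG_$1=//p" | head -n 1
}

# fineibt_rust_status: read a kernel .config on stdin and print one of
#   not-applicable   Rust or FineIBT is not built in
#   opt-in-only      FineIBT is built in but is not the default
#   unknown          no usable rustc version recorded in the config
#   affected         Rust + FineIBT by default + rustc older than 1.88.0
#   fixed-toolchain  rustc is 1.88.0 or later
fineibt_rust_status() {
    cfg=$(cat)
    rust=$(cfg_get RUST "$cfg")
    fineibt=$(cfg_get FINEIBT "$cfg")
    auto=$(cfg_get CFI_AUTO_DEFAULT "$cfg")
    rustc=$(cfg_get RUSTC_VERSION "$cfg")
    if [ "$rust" != y ] || [ "$fineibt" != y ]; then echo not-applicable; return 0; fi
    if [ "$auto" != y ]; then echo opt-in-only; return 0; fi
    case $rustc in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$rustc" -lt "$FIXED_RUSTC" ]; then echo affected; else echo fixed-toolchain; fi
}

# Constructed sample config (not taken from a real system): rustc 1.87.0.
sample_config() {
    cat <<'EOF'
CONFIG_RUST=y
CONFIG_RUSTC_VERSION=108700
CONFIG_FINEIBT=y
CONFIG_CFI_AUTO_DEFAULT=y
EOF
}

echo "sample config: $(sample_config | fineibt_rust_status)"
```

To check a real build, feed its config on standard input, for example `fineibt_rust_status < .config`.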

Added: Jun 18, 2025, 11:49 AM
Updated: Jun 18, 2025, 11:49 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.