Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A segmentation fault vulnerability has been identified in the Linux kernel's rseq registration path. User space is expected to set the rseq_cs field of the rseq area to zero before registering it, but the kernel did not enforce this. If rseq_cs holds a value that does not point to a valid struct rseq_cs, the thread receives a segmentation fault when it returns to user space. This is particularly problematic with some older glibc versions, which reuse the rseq area of a previous thread without clearing rseq_cs; if rseq registration then fails in a secondary thread, the process is terminated.
Exploitation of this vulnerability can lead to a segmentation fault, causing a process to crash.
The vulnerability has been addressed by modifying the kernel to clear the rseq_cs field on registration when it is non-zero. This change prevents segmentation faults during registration and does not interfere with glibc versions that reuse rseq areas when creating new threads.
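As an added example (not code from the advisory or from the kernel or glibc sources), the user-space C below shows the registration precondition the advisory describes: an rseq area that may have been reused from an earlier thread is scrubbed so that rseq_cs is zero before rseq(2) is called, which is the user-space counterpart of the clearing the kernel fix now performs. The struct layout is a copy of the original 32-byte UAPI layout, and the RSEQ_SIG value and the stale pointer are constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Copy of the original 32-byte UAPI layout of struct rseq (linux/rseq.h),
 * repeated here so the example builds without kernel headers. */
struct rseq_abi {
    uint32_t cpu_id_start;
    uint32_t cpu_id;
    uint64_t rseq_cs;   /* must be 0 when the area is handed to the kernel */
    uint32_t flags;
} __attribute__((aligned(32)));
_Static_assert(sizeof(struct rseq_abi) == 32, "rseq ABI size");

#define RSEQ_ABI_LEN  32u
#define RSEQ_SIG      0x53053053u   /* constructed signature for this example */
#define RSEQ_CPU_ID_UNINITIALIZED ((uint32_t)-1)

/* Put a (possibly reused) area into the state the kernel expects before
 * registration. Returns 1 if a stale rseq_cs was found and cleared, 0 if
 * the area was already clean. */
int rseq_area_prepare(struct rseq_abi *area)
{
    int was_dirty = area->rseq_cs != 0;
    area->rseq_cs = 0;          /* the field the unfixed kernel did not enforce */
    area->cpu_id_start = 0;
    area->cpu_id = RSEQ_CPU_ID_UNINITIALIZED;
    area->flags = 0;
    return was_dirty;
}

/* Register `area` for the calling thread. Returns 0 on success or -errno;
 * -EBUSY means the C library has already registered an rseq area. */
int rseq_register(struct rseq_abi *area)
{
    if (((uintptr_t)area & 31) != 0)
        return -EINVAL;         /* the ABI requires 32-byte alignment */
    rseq_area_prepare(area);
#ifdef __NR_rseq
    return syscall(__NR_rseq, area, RSEQ_ABI_LEN, 0, RSEQ_SIG) == 0 ? 0 : -errno;
#else
    return -ENOSYS;
#endif
}

/* Model the glibc scenario from the advisory: a new thread inherits an area
 * whose rseq_cs still holds a stale pointer left by its previous user. */
int reused_area_is_sanitized(void)
{
    struct rseq_abi area;
    memset(&area, 0, sizeof area);
    area.rseq_cs = 0x7f00deadbeefULL;   /* constructed stale value */
    int dirty = rseq_area_prepare(&area);
    return dirty == 1 && area.rseq_cs == 0 && area.cpu_id == RSEQ_CPU_ID_UNINITIALIZED;
}

static struct rseq_abi g_clean;         /* zero-initialized, already clean */
```

On a kernel without the fix, skipping rseq_area_prepare() on a reused area reproduces the crash the advisory describes; with the fix, the kernel clears rseq_cs itself, but scrubbing in user space remains the correct practice.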