Linux Kernel Stack-Out-of-Bounds Read Vulnerability in ptrace Handling

Vulnerability

A stack-out-of-bounds read vulnerability has been identified in the Linux kernel's ARM64 architecture code, specifically within the ptrace implementation. The issue arises in the function 'regs_get_kernel_stack_nth()', where a read operation goes beyond the allocated stack boundaries. The Kernel Address Sanitizer (KASAN) detected the vulnerability, reporting the improper access during a stack read operation performed by a specific task.

Impact

Exploitation of this vulnerability leads to a stack-out-of-bounds read, which can potentially be leveraged to read sensitive information from the stack or cause other memory-related issues.

Reproduction

The vulnerability can be reproduced by invoking the 'ptrace' system call with certain parameters that trigger the 'regs_get_kernel_stack_nth()' function. This can be done by a script or program that attaches to a process using 'ptrace' and requests to read the kernel stack registers. The KASAN-enabled kernel will then report the stack-out-of-bounds read error.
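To check whether a KASAN-enabled kernel has logged this condition, the kernel log can be scanned for the report header that names 'regs_get_kernel_stack_nth()'. The script below is an added example, not part of the original advisory or the kernel project; the helper names and the sample log lines are constructed for illustration.

```python
import re

# KASAN report lines as printed by the kernel:
#   BUG: KASAN: <bug-type> in <symbol>+0x<offset>/0x<size>
#   Read of size <n> at addr <hex> by task <comm>/<pid>
HEADER = re.compile(r"BUG: KASAN: (?P<bug>[\w-]+) in (?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
ACCESS = re.compile(r"(?P<op>Read|Write) of size (?P<size>\d+) at addr (?P<addr>[0-9a-f]+)"
                    r" by task (?P<comm>.+)/(?P<pid>\d+)\s*$")

TARGET_SYMBOL = "regs_get_kernel_stack_nth"  # function named in this advisory

# Constructed sample log (addresses, offsets and task names are made up).
SAMPLE_LOG = """\
[  101.234570] BUG: KASAN: stack-out-of-bounds in regs_get_kernel_stack_nth+0xa8/0xc8
[  101.234575] Read of size 8 at addr ffff800080007c10 by task tracer-test/2550
[  101.234580] CPU: 1 PID: 2550 Comm: tracer-test Not tainted
[  205.000001] BUG: KASAN: slab-use-after-free in example_unrelated_fn+0x40/0x90
[  205.000005] Write of size 4 at addr ffff000012345678 by task kworker/0:1/77
"""

def find_kasan_reports(log_text, symbol=TARGET_SYMBOL):
    """Return one dict per KASAN report whose faulting function is `symbol`."""
    reports, current = [], None
    for line in log_text.splitlines():
        if "BUG: KASAN:" in line:
            m = HEADER.search(line)
            current = {"bug": m["bug"], "symbol": m["sym"]} if m else None
            # Compiler clones appear as e.g. name.isra.0; compare the base name.
            if current and m["sym"].split(".")[0] == symbol:
                reports.append(current)
            continue
        m = ACCESS.search(line)
        # Attach only the first access line that follows a report header.
        if m and current is not None and "op" not in current:
            # Task names may contain '/', so the pid is taken after the last one.
            current.update(op=m["op"].lower(), size=int(m["size"]),
                           addr=int(m["addr"], 16), comm=m["comm"], pid=int(m["pid"]))
    return reports

if __name__ == "__main__":
    for r in find_kasan_reports(SAMPLE_LOG):
        print(f"{r['bug']} {r['op']} of {r['size']} bytes at {r['addr']:#x} "
              f"in {r['symbol']} by {r['comm']} (pid {r['pid']})")
```

On a live system the same function can be fed the output of the kernel log (for example, text captured from dmesg) instead of SAMPLE_LOG.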

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Jul 10, 2025, 11:41 AM
Updated: Jul 10, 2025, 11:41 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.