Linux Kernel CAP_SYS_ADMIN Requirement for Uprobes Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of uprobes has been addressed by reverting to a requirement for CAP_SYS_ADMIN privileges. The change was made because a uprobe placed in the middle of an instruction can be used destructively. The kernel's verification only checks that a valid instruction decodes at the requested offset; it does not account for variable instruction lengths, so an offset that lies inside a longer instruction can still pass the check while changing how the execution stream is interpreted. On architectures such as arm64, where data is mixed into the text segment, a data word can likewise be accepted as an instruction, allowing the same destructive use of uprobes.
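The gap described above, as an added example that is not part of this advisory or of the kernel source: a toy length decoder for a handful of x86-64 opcodes (an assumed subset chosen for illustration) shows that "a valid instruction decodes at this offset" is a weaker check than "this offset is an instruction boundary reached by a linear sweep from the function entry".

```python
# Added example (not kernel code): toy x86-64 length decoder for a few opcodes.
# A real boundary check would use a full disassembler; the subset is an assumption.

# opcode byte -> total encoded length (opcode plus any immediate bytes)
SIMPLE_LEN = {
    0x50: 1, 0x55: 1, 0x5D: 1, 0x90: 1, 0xC3: 1,   # push rax/rbp, pop rbp, nop, ret
    0xB8: 5,                                         # mov eax, imm32
    0xEB: 2, 0x74: 2, 0x75: 2, 0x78: 2,              # jmp/je/jne/js rel8
}

def insn_len(code, off):
    """Length of the instruction starting at `off`, or None if the bytes
    there are not an instruction this toy decoder recognises."""
    if off < 0 or off >= len(code):
        return None
    b = code[off]
    if b in SIMPLE_LEN:
        return SIMPLE_LEN[b]
    # REX.W + 89 /r with register-direct ModRM (mod == 3), e.g. mov rbp, rsp
    if b == 0x48 and off + 2 < len(code) and code[off + 1] == 0x89 \
            and (code[off + 2] >> 6) == 3:
        return 3
    return None

def valid_insn_at(code, off):
    """The weak check the advisory describes: something valid decodes at
    `off`, regardless of where the surrounding instructions start."""
    n = insn_len(code, off)
    return n is not None and off + n <= len(code)

def insn_boundaries(code, start=0):
    """Linear sweep from a known entry point; returns the offsets at which
    instructions actually begin. Stops at the first undecodable byte."""
    bounds, off = set(), start
    while off < len(code):
        n = insn_len(code, off)
        if n is None or off + n > len(code):
            break
        bounds.add(off)
        off += n
    return bounds

def is_safe_probe_offset(code, off, start=0):
    """True only if `off` decodes as an instruction AND lies on a boundary
    of the instruction stream reached from `start`."""
    return valid_insn_at(code, off) and off in insn_boundaries(code, start)

# Constructed function body: push rbp; mov rbp,rsp; mov eax,0x12345678; pop rbp; ret
FUNC = bytes.fromhex("55 4889e5 b878563412 5d c3")

if __name__ == "__main__":
    # offset 5 is the 0x78 byte inside the imm32, which also decodes as "js rel8"
    print(valid_insn_at(FUNC, 5), is_safe_probe_offset(FUNC, 5))  # True False
```

Offset 5 passes the per-offset validity check yet is not a boundary, which is exactly the case the advisory says the kernel cannot distinguish.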

Impact

An unprivileged user who can register uprobes could misuse them to disrupt normal instruction processing, leading to incorrect program behaviour or altered execution flow in the probed process.

Reproduction

To reproduce this vulnerability, a uprobe is placed at an offset that falls in the middle of an instruction. Because instruction lengths vary, the kernel cannot tell that the offset is not an instruction boundary, which allows destructive manipulation of the instruction stream. The issue is exacerbated on arm64, where data in the text segment can be misinterpreted as an instruction.

Remediation

Users should ensure that uprobes can only be registered by holders of the CAP_SYS_ADMIN capability. The Linux kernel has been updated to require this privilege for uprobes, so users should upgrade to a version that includes the change.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread          9.0
impact          2.5
exploitability  3.8
remediation     7.7
relevance       0.3
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.