Linux Kernel IOMMU FD Component ALIGN Overflow Vulnerability Allowing Mapping Overlaps

Vulnerability

A vulnerability in the Linux kernel's IOMMU FD component could lead to overlapping memory mappings. The issue arises when an I/O virtual address (IOVA) range lies near ULONG_MAX: aligning it can overflow, so the alignment function wraps around and corrupts the IOVA. As a result, userspace could create mappings that interfere with existing ones or encroach on reserved areas.

Impact

Exploitation of this vulnerability could allow userspace to create memory mappings that overlap with other mappings or reserved ranges, potentially leading to unintended behavior or interference with critical system functions.

Reproduction

The vulnerability can be reproduced by allocating IOVA ranges that are close to ULONG_MAX. During the allocation process, the candidate range is aligned to the target alignment. If the range is near the maximum value, the alignment can wrap around, causing corruption. This allows for the creation of overlapping mappings in userspace.
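
The wraparound described above, modelled in userspace C together with an overflow-checked alternative. This is an added example, not the kernel's code or the upstream patch; ALIGN_UP, align_unchecked, align_checked, range_fits and all sample values are hypothetical, and __builtin_add_overflow assumes GCC or Clang.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Round x up to power-of-two alignment a (the usual round-up idiom). */
#define ALIGN_UP(x, a) (((x) + ((a) - 1)) & ~((a) - 1))

/* Unchecked: wraps silently when x + (a - 1) exceeds ULONG_MAX. */
static unsigned long align_unchecked(unsigned long x, unsigned long a)
{
    return ALIGN_UP(x, a);
}

/* Checked: fails instead of returning a wrapped address. */
static bool align_checked(unsigned long x, unsigned long a, unsigned long *out)
{
    unsigned long sum;

    if (__builtin_add_overflow(x, a - 1, &sum)) /* GCC/Clang builtin */
        return false;
    *out = sum & ~(a - 1);
    return true;
}

/* Hypothetical allocator step: place len bytes, aligned to a, in [start, last]. */
static bool range_fits(unsigned long start, unsigned long last,
                       unsigned long len, unsigned long a, unsigned long *iova)
{
    unsigned long aligned, end;

    if (!len || !align_checked(start, a, &aligned))
        return false;
    if (__builtin_add_overflow(aligned, len - 1, &end) || end > last)
        return false;
    *iova = aligned;
    return true;
}

int main(void)
{
    unsigned long start = ULONG_MAX - 0x7ff; /* constructed candidate near the top */
    unsigned long iova = 0;
    bool ok = range_fits(0x1800, 0xffff, 0x1000, 0x1000UL, &iova);

    printf("unchecked: %#lx -> %#lx\n", start, align_unchecked(start, 0x1000UL));
    printf("checked low range: %s at %#lx\n", ok ? "fits" : "rejected", iova);
    ok = range_fits(start, ULONG_MAX, 0x100, 0x1000UL, &iova);
    printf("checked near top: %s\n", ok ? "fits" : "rejected");
    return 0;
}
```

The unchecked result lands below the start of the candidate range, which is how an aligned IOVA can end up on top of an existing mapping or a reserved range.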

Remediation

Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Git Repository. Instructions for downloading the latest version can be found in the repository.

Added: Sep 4, 2025, 5:50 PM
Updated: Sep 4, 2025, 5:50 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.