Linux Kernel Lowcore Identity Mapping Vulnerability on s390 Architecture

A vulnerability in the Linux kernel's handling of lowcore memory mapping on s390 architecture has been addressed. The issue arose because the identity mapping of physical memory was fixed to address zero, leading to lowcore being mapped to the same address. This behavior occurred regardless of the 'relocate_lowcore' command line option. When the option was used, lowcore was mapped twice instead of once. As a result, accesses to NULL pointers would succeed instead of causing an exception, although some low address protections remained in place. The vulnerability affected several versions of the Linux kernel.

Impact

The vulnerability allowed NULL pointer accesses to succeed, potentially leading to unintended behavior or exploitation, as low address protections were only partially effective.

Reproduction

The vulnerability could be reproduced by booting a Linux kernel on an s390 system with the 'relocate_lowcore' command line option. This would result in lowcore being mapped twice, causing NULL pointer accesses to succeed.

Remediation

The vulnerability has been fixed in the Linux kernel stable tree by modifying the lowcore mapping process. Users should upgrade to the latest version of the Linux kernel.