Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's tracing component can lead to an out-of-bounds memory access. It occurs when the length of a string written to the 'set_ftrace_filter' file exceeds the maximum buffer size, 'FTRACE_BUFF_MAX'. In that case the 'trace_get_user' function fails without properly terminating the parser's buffer, causing a kernel memory error when the buffer is later read. The vulnerability has been addressed by restricting access to the parser's buffer when 'trace_get_user' fails.
Exploitation of this vulnerability causes a slab-out-of-bounds memory access, which can lead to memory corruption.
The vulnerability can be reproduced by writing a string longer than 'FTRACE_BUFF_MAX' to the 'set_ftrace_filter' file, for example from a shell. This triggers a Kernel Address Sanitizer (KASAN) alert for a slab-out-of-bounds read. The call stack will show the 'trace_get_user' function failing to process the string correctly, leading to the out-of-bounds access in the 'strsep' function.
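The failure mode described above, as a user-space C model added here for illustration (not kernel source): a copy step that rejects an overlong string leaves the buffer unterminated, and the release step either trusts it or skips it. `BUFF_MAX`, `struct parser`, `parser_get`, `parser_release` and `write_filter` are hypothetical names, and the `fail` flag is an assumed way of restricting access to the buffer after a failed copy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define BUFF_MAX 16              /* constructed stand-in for FTRACE_BUFF_MAX */

enum outcome { SKIPPED, PARSED, OVERREAD };

struct parser {
    char   buf[BUFF_MAX];
    size_t idx;                  /* bytes stored so far */
    bool   fail;                 /* set when the copy step rejected the input */
};

/* Copy step: store one filter string and reject input that leaves no room
 * for the terminator. On rejection buf stays unterminated. */
static int parser_get(struct parser *p, const char *in)
{
    memset(p->buf, 0x55, sizeof p->buf);   /* simulate non-zeroed slab memory */
    p->idx = 0;
    p->fail = false;
    for (; *in; in++) {
        if (p->idx >= BUFF_MAX - 1) {
            p->fail = true;      /* recorded; only the hardened consumer checks */
            return -1;
        }
        p->buf[p->idx++] = *in;
    }
    p->buf[p->idx] = '\0';
    return 0;
}

/* Release step: decide whether buf may be handed to string functions. Rather
 * than over-reading, report whether a NUL-scanning call would leave the buffer. */
static enum outcome parser_release(const struct parser *p, bool hardened)
{
    bool loaded = hardened ? (!p->fail && p->idx != 0) : (p->idx != 0);
    if (!loaded) return SKIPPED;
    return memchr(p->buf, '\0', sizeof p->buf) ? PARSED : OVERREAD;
}

/* Run both steps on one input so the two behaviours can be compared. */
static enum outcome write_filter(const char *in, bool hardened)
{
    struct parser p;
    (void)parser_get(&p, in);    /* the release step runs even after a failure */
    return parser_release(&p, hardened);
}
```

With the unhardened check, an input longer than `BUFF_MAX - 1` bytes yields `OVERREAD`; with the `fail` flag honoured, the same input yields `SKIPPED`.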
Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Git Repository.