Linux Kernel CAAM Crypto Subsystem Suspend Crash Vulnerability on iMX8QM and iMX8ULP

A vulnerability in the Linux kernel's CAAM crypto subsystem can lead to a crash during suspend operations on iMX8QM and iMX8ULP systems. This issue arises because the CAAM is managed by another ARM core, which reserves access to register page 0, preventing suspend operations from accessing it. The problem is similar to scenarios where OPTEE reserves page 0. The vulnerability has been addressed by introducing a new state variable to track whether page 0 is reserved, allowing for proper management during suspend and resume operations.

Impact

The vulnerability can cause a system crash during suspend operations, leading to a synchronous external abort error. This disrupts the normal power management process and can cause instability in the system.

Reproduction

The vulnerability can be reproduced by suspending the system while the CAAM is active. The suspension process will encounter an internal error due to the reserved page 0, causing a synchronous external abort. This can be observed in the system logs, where the error and the call trace indicating the suspension process can be found.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel repository.