Linux Kernel ACPI APEI Synchronous Memory Error Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ACPI APEI component can lead to a denial-of-service condition. The issue arises when a user-space process triggers a 2-bit uncorrected memory error, causing the CPU to generate a Synchronous External Abort (SEA) exception on Arm64. The kernel typically queues a memory_failure() task to handle this error by poisoning and unmapping the affected page, but no such task is queued for abnormal synchronous errors. Because the error is left unhandled, the user-space process can repeatedly trigger SEA, potentially exceeding platform firmware limits or causing a kernel hard lockup, which leads to a system reboot.

Impact

Failure to properly manage synchronous memory errors can cause a kernel hard lockup, disrupting system operations and requiring a reboot.

Reproduction

The vulnerability can be reproduced by inducing a 2-bit uncorrected memory error in a user-space process on an Arm64 system. This will trigger a Synchronous External Abort, which the kernel normally handles by queuing a memory_failure() task. However, if abnormal synchronous errors occur, this handling is skipped, allowing the process to repeatedly trigger SEA and create a denial-of-service condition.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
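
To look for the symptom described above in kernel logs, the following added example (not part of the original advisory or the kernel project) flags physical pages that keep appearing in APEI hardware error records with no memory_failure() recovery line logged for them. The log line shapes, the 4 KiB page size and the threshold of 3 are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed line shapes, modelled on the kernel's CPER memory-error record and
# memory_failure() messages; exact text can differ between kernel versions.
PHYS_RE = re.compile(r"\[Hardware Error\]:\s+physical_address: (0x[0-9a-fA-F]+)")
MF_RE = re.compile(r"Memory failure: (0x[0-9a-fA-F]+): recovery action for")


def unisolated_pages(lines, page_shift=12, threshold=3):
    """Return {pfn: count} for pages reported at least `threshold` times in
    hardware error records with no memory_failure() line for that pfn."""
    reported = Counter()   # pfn -> number of error records naming it
    handled = set()        # pfns for which memory_failure() logged an action
    for line in lines:
        m = PHYS_RE.search(line)
        if m:
            # Error records carry a byte address; convert it to a page frame.
            reported[int(m.group(1), 16) >> page_shift] += 1
            continue
        m = MF_RE.search(line)
        if m:
            # memory_failure() already logs a page frame number.
            handled.add(int(m.group(1), 16))
    return {pfn: n for pfn, n in reported.items()
            if n >= threshold and pfn not in handled}


# Constructed sample log: one page handled normally, one reported repeatedly.
SAMPLE = """\
[  101.000001] {1}[Hardware Error]: Hardware error from APEI Generic Hardware Error Source: 9
[  101.000002] {1}[Hardware Error]:   physical_address: 0x0000000089abc040
[  101.000900] Memory failure: 0x89abc: recovery action for dirty LRU page: Recovered
[  230.000001] {2}[Hardware Error]:   physical_address: 0x00000000a1b2c080
[  230.100001] {3}[Hardware Error]:   physical_address: 0x00000000a1b2c080
[  230.200001] {4}[Hardware Error]:   physical_address: 0x00000000a1b2c080
""".splitlines()

if __name__ == "__main__":
    for pfn, n in unisolated_pages(SAMPLE).items():
        print(f"pfn {pfn:#x}: {n} error records, no memory_failure() recovery logged")
```

On Arm64 kernels built with 16 KiB or 64 KiB pages, pass the matching page_shift (14 or 16) so the addresses line up with the logged page frame numbers.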

Added: Sep 11, 2025, 6:15 PM
Updated: Sep 11, 2025, 6:15 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.