Linux Kernel I/O Memcpy Vulnerability in ARM Tegra

A vulnerability has been identified in the Linux kernel's ARM Tegra architecture, where the standard memory copy function (memcpy) is used to write to internal RAM (IRAM). This approach causes the kernel to crash while the memory error detection tool, KASAN, attempts to verify memory boundaries. The issue arises because the normal memcpy does not account for specific hardware requirements, leading to a kernel panic.

Impact

The vulnerability causes a kernel crash, disrupting system operations and potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by using the normal memcpy function to write data to the IRAM in the ARM Tegra architecture. This can be done by modifying the 'tegra_cpu_reset_handler_enable' function in the 'arch/arm/mach-tegra/reset.c' file to use the standard memcpy instead of the I/O version that is required for this specific hardware.

Remediation

The vulnerability has been addressed by changing the memory copy function from the standard 'memcpy' to 'memcpy_toio', which is appropriate for writing to I/O memory regions. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.