Linux Kernel Slab-Out-Of-Bounds Vulnerability in Tracing Component

Vulnerability

A slab-out-of-bounds vulnerability has been identified in the Linux kernel's tracing component, specifically within the osnoise feature. This issue arises when the 'osnoise cpus' configuration is set via the write() syscall, leading to a KASAN (Kernel Address Sanitizer) error. The vulnerability occurs because the 'bitmap_parselist()' function, which parses the CPU list, requires the input string to be properly terminated. The absence of this termination can cause out-of-bounds memory access, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds memory access, which can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by writing an unterminated CPU list string to the '/sys/kernel/debug/tracing/osnoise/cpus' file. This can be done by opening the file in write mode and sending a string that lacks the necessary termination, such as a simple '1'.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
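The termination requirement described above can be modelled in userspace. This is an added example, not kernel code and not the upstream patch: `parse_cpulist()` and `cpus_write_terminated()` are hypothetical names, and the 64-CPU mask and 4096-byte limit are assumptions. It shows a write handler that reserves one extra byte so the parser always finds a terminator.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a list parser such as bitmap_parselist():
 * it scans until '\0', so the caller must guarantee termination. */
int parse_cpulist(const char *s, uint64_t *mask)
{
    *mask = 0;
    while (*s && *s != '\n') {
        char *end;
        unsigned long lo = strtoul(s, &end, 10), hi = lo;
        if (end == s)
            return -EINVAL;
        if (*end == '-') {              /* range such as "0-3" */
            s = end + 1;
            hi = strtoul(s, &end, 10);
            if (end == s)
                return -EINVAL;
        }
        if (lo > hi || hi > 63)         /* model is limited to 64 CPUs */
            return -EINVAL;
        for (unsigned long c = lo; c <= hi; c++)
            *mask |= UINT64_C(1) << c;
        if (*end == ',')
            end++;
        else if (*end && *end != '\n')
            return -EINVAL;
        s = end;
    }
    return 0;
}

/* Hardened handler: write() delivers count bytes with no terminator.
 * The flawed pattern allocates exactly count bytes and parses them as-is;
 * here count + 1 zeroed bytes are allocated, so buf[count] is '\0'. */
int cpus_write_terminated(const char *ubuf, size_t count, uint64_t *mask)
{
    if (count > 4096)                   /* arbitrary limit for the model */
        return -EINVAL;
    char *buf = calloc(count + 1, 1);
    if (!buf)
        return -ENOMEM;
    memcpy(buf, ubuf, count);
    int ret = parse_cpulist(buf, mask);
    free(buf);
    return ret;
}
```

Building the model with `-fsanitize=address` and changing the allocation to exactly `count` bytes gives a userspace analogue of the KASAN report.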

Added: Oct 15, 2025, 8:49 AM
Updated: Oct 15, 2025, 8:49 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.