Linux Kernel KMSAN Out-of-Bounds Memory Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's KMSAN (Kernel Memory Sanitizer) feature allows for out-of-bounds access to shadow memory. This issue occurs in versions through 6.17.0-rc3. The vulnerability is triggered when the 'sha224_kunit' test is run on a KMSAN-enabled kernel. The test causes a crash by accessing an unmapped memory page, leading to a page fault error. The root cause is improper handling of memory alignment, which allows reads from shadow memory beyond the allocated buffer, crashing the kernel when the accessed memory is not mapped.

Impact

Exploitation of this vulnerability causes a kernel crash due to a page fault error, disrupting system operations and potentially leading to a denial of service.

Reproduction

To reproduce this vulnerability, run the 'sha224_kunit' test on a KMSAN-enabled Linux kernel at any version through 6.17.0-rc3. Compile the kernel with KMSAN enabled, then execute the test; it triggers the out-of-bounds memory access and causes a kernel crash.

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the latest version can be found on the official Linux kernel website.
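
A triage check for deciding which hosts need this upgrade, added here as an example and not part of the original advisory: it flags a kernel only when it is built with CONFIG_KMSAN=y and its release is at or below 6.17.0-rc3. The function names and verdict strings are assumptions of this example, and a version comparison cannot see backported fixes.

```sh
#!/bin/sh
# Added example, not the advisory's code: triage a host for exposure.
LAST_AFFECTED="6.17.0-rc3"   # upper bound of the affected range stated above

# "6.17.0-rc3-test" -> "6 17 0 3" (expects at least MAJOR.MINOR). A final
# release gets rc=9999 so it sorts after every -rcN of the same version.
version_key() {
    base=${1%%-*}; rc=9999
    case $1 in *-rc[0-9]*) rc=${1#*-rc}; rc=${rc%%[!0-9]*} ;; esac
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}; patch=0
    case $rest in *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;; esac
    echo "${major:-0} ${minor:-0} ${patch:-0} $rc"
}

# Exit 0 when release $1 is at or below release $2.
version_le() {
    set -- $(version_key "$1") $(version_key "$2")
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        a=${pair%:*}; b=${pair#*:}
        [ "$a" -lt "$b" ] && return 0
        [ "$a" -gt "$b" ] && return 1
    done
    return 0   # all four fields equal
}

# classify RELEASE CONFIG_FILE: print a verdict (strings are this example's).
classify() {
    [ -r "$2" ] || { echo "unknown"; return 0; }
    if ! grep -q '^CONFIG_KMSAN=y' "$2"; then
        echo "not-exposed"                # trigger needs a KMSAN-enabled kernel
    elif version_le "$1" "$LAST_AFFECTED"; then
        echo "in-affected-range"          # upgrade, or confirm a backported fix
    else
        echo "newer-than-affected-range"
    fi
}

check_host() {
    release=$(uname -r); config="/boot/config-$release"; tmp=""
    if [ ! -r "$config" ] && [ -r /proc/config.gz ]; then
        tmp=$(mktemp) && gzip -dc /proc/config.gz > "$tmp" && config=$tmp
    fi
    echo "$release: $(classify "$release" "$config")"
    [ -z "$tmp" ] || rm -f "$tmp"
}
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with `--check` on the host being assessed; an "unknown" verdict means no readable kernel config was found and the build options have to be confirmed another way.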

Added: Oct 20, 2025, 4:29 PM
Updated: Oct 20, 2025, 4:29 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.