Linux Kernel Copy User Exception Reporting Vulnerability on SPARC

A vulnerability in the Linux kernel's handling of user-space memory references in the copy_from_user and copy_to_user functions has been addressed. This issue, present in the stable branch of the Linux kernel, specifically affects the SPARC architecture. The vulnerability arose because the exception handlers for these functions did not accurately calculate the remaining bytes to copy, leading to potential crashes and incorrect return values when faults occurred. The problem has been fixed by correcting the calculation errors and the exception handler's epilogue, ensuring that the memory copy functions behave correctly in faulting situations without altering the behavior of the standard memcpy function.

Impact

The vulnerability could cause crashes or incorrect behavior in user-space memory copying operations, particularly in faulting scenarios.

Reproduction

The vulnerability can be reproduced on a SPARC T2000 or T1000 system by using a modified kernel that applies the changes introduced in the referenced commit. The issue can be observed by performing memory copy operations that trigger exceptions, such as copying data from user space to kernel space or vice versa, while the kernel is running the unpatched version of the exception handling code.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.