Linux Kernel KVM: arm64 Out-of-Bounds Access Vulnerability in FF-A Memory Share

Vulnerability

A vulnerability has been identified in the Linux kernel's KVM component for arm64 architecture. This issue arises from inadequate validation of memory offsets in the FF-A (Firmware Framework for Arm) memory sharing mechanism. Specifically, the vulnerability allows for out-of-bounds access in the hypervisor's FF-A buffer if an untrusted, sufficiently large value is transmitted from the host kernel. The flaw is present in several versions of the Linux kernel.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access in the hypervisor, potentially causing memory corruption or allowing unauthorized access to sensitive data.

Reproduction

The vulnerability can be reproduced by sending an untrusted value from the host kernel to the hypervisor's FF-A memory sharing interface. If the value is sufficiently large, it passes the existing offset checks and causes an out-of-bounds access in the FF-A buffer.
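The flaw class described in the Vulnerability and Reproduction sections, validating an untrusted offset against a fixed-size buffer, is illustrated below with an added C example. This code is not taken from the Linux kernel's FF-A implementation: `MBOX_SIZE`, `range_in_buffer`, `naive_check`, `read_descriptor` and the sample buffer contents are all constructed for this illustration. It contrasts a sum-based check, which a sufficiently large offset wraps past, with a check whose arithmetic cannot overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed-size message buffer standing in for a
 * hypervisor-side mailbox. The size is a hypothetical constant for this
 * illustration, not a value from the kernel. */
#define MBOX_SIZE 4096u

/* Naive check that compares the sum of offset and length against the buffer
 * size. With 32-bit unsigned arithmetic a large offset wraps the addition and
 * the check passes even though the range lies far outside the buffer. Shown
 * only as the weak form to contrast with range_in_buffer below. */
static bool naive_check(uint32_t offset, uint32_t len, uint32_t buf_len)
{
    return offset + len <= buf_len;   /* wraps for large offset or len */
}

/* Overflow-safe bounds check for an untrusted (offset, len) pair. Returns true
 * only if [offset, offset + len) lies entirely inside a buffer of buf_len
 * bytes. The subtraction is performed only after offset has been bounded, so
 * no intermediate value can wrap regardless of how large the inputs are. */
static bool range_in_buffer(uint64_t offset, uint64_t len, size_t buf_len)
{
    if (offset > buf_len)
        return false;
    /* buf_len - offset cannot underflow after the check above */
    if (len > buf_len - offset)
        return false;
    return true;
}

/* Hypothetical consumer: copy a descriptor out of the mailbox only after the
 * untrusted offset and length have been validated against both the source
 * buffer and the destination. Returns 0 on success, -1 if the range is
 * rejected; nothing is read from mbox on the rejection path. */
static int read_descriptor(const uint8_t *mbox, size_t mbox_len,
                           uint64_t offset, uint64_t len,
                           uint8_t *out, size_t out_len)
{
    if (!range_in_buffer(offset, len, mbox_len) || len > out_len)
        return -1;
    memcpy(out, mbox + offset, (size_t)len);
    return 0;
}

/* Constructed demo: fill a mailbox with a marker byte, then attempt to read a
 * 16-byte descriptor at the given offset through the validated path. Returns
 * the first copied byte (0x5A) when the read is accepted, -1 when refused. */
static int descriptor_demo(uint64_t offset)
{
    uint8_t mbox[MBOX_SIZE];
    uint8_t out[16];

    memset(mbox, 0x5A, sizeof mbox);
    if (read_descriptor(mbox, sizeof mbox, offset, sizeof out,
                        out, sizeof out) != 0)
        return -1;
    return out[0];
}

int main(void)
{
    /* A large offset with a small length: the naive sum wraps to 0x10 and the
     * check passes, while the overflow-safe check rejects it. */
    uint32_t big_offset = 0xFFFFFFF0u;

    printf("naive_check(0x%x, 0x20, %u) = %d\n", big_offset, MBOX_SIZE,
           naive_check(big_offset, 0x20u, MBOX_SIZE));
    printf("range_in_buffer(0x%x, 0x20, %u) = %d\n", big_offset, MBOX_SIZE,
           range_in_buffer(big_offset, 0x20u, MBOX_SIZE));
    printf("descriptor at offset 64: %d\n", descriptor_demo(64));
    printf("descriptor at offset %u: %d\n", MBOX_SIZE - 8,
           descriptor_demo(MBOX_SIZE - 8));
    return 0;
}
```

The point of the contrast is that a check on an untrusted offset must bound the offset itself before it is combined with a length; once an addition is allowed to wrap, the comparison that follows no longer says anything about where the access lands.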

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.

Added: Dec 4, 2025, 4:25 PM
Updated: Dec 4, 2025, 5:26 PM

Vulnerability Rating

Custom Algorithm

spread:         9.0
impact:         2.5
exploitability: 4.3
remediation:    7.7
relevance:      1.2
threat:         4.8
urgency:        2.9
incentive:      1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.