Linux Kernel KASAN Global-Out-of-Bounds Vulnerability in Intel Performance Monitoring Unit

Vulnerability

A global-out-of-bounds vulnerability has been identified in the Linux kernel's handling of Intel performance events. The issue arises on non-hybrid platforms when the 'perf mem record' command is executed, and it produces a Kernel Address Sanitizer (KASAN) warning. The cause is that the 'cmt_latency_data' function attempts to access the 'x86_hybrid_pmu' structure, which is unavailable on such platforms. The out-of-bounds read occurs because the code does not check whether the platform is hybrid before accessing this structure.
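
The missing hybrid check described above, modeled in user-space C as an added example (not the kernel's code or the upstream patch). The struct layouts, `hybrid_pmu_model`, `platform_is_hybrid` and the helper names are simplified assumptions; the bounds test is done arithmetically, so the out-of-bounds read itself is never performed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the kernel's real definitions. */
struct pmu { int type; };
struct hybrid_pmu_model {          /* models a container like x86_hybrid_pmu */
    unsigned long cpu_mask;
    int pmu_type;                  /* field the latency-data path reads */
    struct pmu pmu;                /* embedded generic pmu */
};
static struct pmu global_pmu;      /* non-hybrid: stand-alone global, no container */
static struct hybrid_pmu_model hybrid_core = { .pmu_type = 2 };  /* hybrid case */
static bool platform_is_hybrid;    /* constructed platform flag */

/* container_of-style arithmetic, done on integers so computing it is defined. */
static uintptr_t container_addr(const struct pmu *p)
{
    return (uintptr_t)p - offsetof(struct hybrid_pmu_model, pmu);
}

/* Would reading pmu_type via the derived container stay inside obj? */
static bool field_read_in_bounds(const struct pmu *p, const void *obj, size_t size)
{
    uintptr_t f = container_addr(p) + offsetof(struct hybrid_pmu_model, pmu_type);
    uintptr_t lo = (uintptr_t)obj;
    return f >= lo && f + sizeof(int) <= lo + size;
}

/* Guarded accessor: derive the container only on a hybrid platform. */
static const struct hybrid_pmu_model *hybrid_pmu_checked(const struct pmu *p)
{
    return platform_is_hybrid ? (const struct hybrid_pmu_model *)container_addr(p) : NULL;
}

/* Consumer: use the hybrid field when present, else the caller's default. */
static int pmu_type_or_default(const struct pmu *p, int dflt)
{
    const struct hybrid_pmu_model *h = hybrid_pmu_checked(p);
    return h ? h->pmu_type : dflt;
}

int main(void)
{
    printf("non-hybrid in bounds: %d, guarded type: %d\n",
           field_read_in_bounds(&global_pmu, &global_pmu, sizeof global_pmu), pmu_type_or_default(&global_pmu, -1));
    return 0;
}
```

On the stand-alone global, the derived field address falls before the object, which is the condition KASAN reports as global-out-of-bounds; the guarded accessor returns NULL there instead of a pointer into neighbouring memory.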

Impact

Exploitation of this vulnerability causes a global-out-of-bounds memory access, which can lead to undefined behavior, including potential memory corruption.

Reproduction

To reproduce this vulnerability, run the 'perf mem record' command on a non-hybrid platform such as CWF. This will trigger the KASAN global-out-of-bounds warning, indicating that the 'cmt_latency_data' function has attempted to read memory outside of its allocated bounds. The call stack will show that this issue originates from the 'setup_arch_pebs_sample_data' function, which is part of the Intel performance monitoring unit's handling of performance events.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Dec 16, 2025, 5:22 PM
Updated: Dec 16, 2025, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.