Linux Kernel Shadow Call Stack Parameter Mismanagement Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of the shadow call stack can lead to incorrect memory range scanning by the stack usage checking function. This issue arises because the function __scs_magic() is provided with the wrong type of variable, which, when CONFIG_DEBUG_STACK_USAGE is enabled, can cause inaccurate stack usage reports and potentially allow a kernel crash by accessing unmapped memory. However, this crash scenario is unlikely due to the way memory is allocated for the task structure and the shadow call stack. The vulnerability primarily affects developers and testers debugging stack usage with the relevant configuration active.
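The mismatch described above, as an added userspace model that is not the kernel's code: a helper that locates the end of the shadow stack is handed the task structure instead of the stack base, so the scan limit is unrelated to the scan start. `struct task`, `magic_addr`, `limit_buggy`, `limit_fixed`, `scs_used`, `setup_model`, the `SCS_SIZE` value, the untyped helper parameter and the memory layout are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCS_SIZE 1024u                  /* assumed size for this model */
#define WORD     sizeof(unsigned long)

struct task {                           /* stand-in for the task structure */
    unsigned long other_fields[8];
    void *scs_base;                     /* start of the task's shadow call stack */
};

/* Constructed layout: the stack first, the task structure right after it. */
static struct { unsigned long stack[SCS_SIZE / WORD]; struct task t; } model;

/* Address of the last word of an SCS_SIZE region starting at s. Because the
 * parameter is untyped, a task pointer is accepted without any diagnostic. */
static uintptr_t magic_addr(const void *s) { return (uintptr_t)s + SCS_SIZE - WORD; }
static uintptr_t limit_buggy(const struct task *t) { return magic_addr(t); }
static uintptr_t limit_fixed(const struct task *t) { return magic_addr(t->scs_base); }

/* Count used bytes from the base up to the first zero word or the limit.
 * Returns -1 without reading anything when the limit is outside the stack. */
static long scs_used(const struct task *t, uintptr_t limit)
{
    uintptr_t base = (uintptr_t)t->scs_base;
    const unsigned long *p = t->scs_base;
    long used = 0;
    if (limit < base || limit > base + SCS_SIZE - WORD)
        return -1;
    for (; (uintptr_t)p < limit && *p; ++p)
        used += (long)WORD;
    return used;
}

static const struct task *setup_model(unsigned words_used)
{
    memset(&model, 0, sizeof(model));
    for (unsigned i = 0; i < words_used; i++)
        model.stack[i] = 0x1000u + i;   /* constructed nonzero entries */
    model.t.scs_base = model.stack;
    return &model.t;
}

int main(void)
{
    const struct task *t = setup_model(3);
    printf("fixed: %ld, buggy: %ld\n", scs_used(t, limit_fixed(t)), scs_used(t, limit_buggy(t)));
}
```

The range check in `scs_used` is part of the model only; it makes the out-of-range limit visible as `-1` instead of letting the scan read past the stack.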

Impact

The vulnerability can cause inaccurate reporting of stack usage statistics, which may lead to incorrect values being displayed in the kernel message log. Additionally, it could allow for a kernel crash by accessing unmapped memory, potentially causing a kernel panic.

Reproduction

The vulnerability can be reproduced by enabling the CONFIG_DEBUG_STACK_USAGE option in the Linux kernel. Once this option is active, the scs_check_usage() function will scan the wrong memory range for tasks, leading to the issues described.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the Linux Kernel Archive.

Added: Jan 14, 2026, 3:59 PM
Updated: Jan 14, 2026, 5:15 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 3.1
exploitability: 4.3
remediation: 8.3
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.