Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's IOMMUFD self-test can lead to an arithmetic overflow that corrupts the reserved interval tree. The issue was discovered by syzkaller, triggers a WARN_ON, and only affects test kernels built with CONFIG_IOMMUFD_TEST enabled. It arises because the test ioctl does not adequately validate the user-supplied length, so a reserved interval computed from that input can overflow.
Exploitation of this vulnerability can cause a kernel warning and disrupt the integrity of the reserved interval management in IOMMUFD, potentially leading to incorrect behavior in memory management during device I/O operations.
To reproduce this vulnerability, compile the Linux kernel with the CONFIG_IOMMUFD_TEST option enabled. Once the kernel is running, the IOMMUFD self-test can be executed. The test will inadvertently cause a mathematical overflow by adding reserved intervals without proper input validation, which will corrupt the interval tree management. This overflow can be observed as a warning in the kernel log, indicating that the reserved interval handling has been compromised.
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.
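The class of check whose absence is described above, as an added user-space illustration; it is not the kernel's selftest code or the upstream patch. The struct, field and function names are hypothetical, and the sample requests are constructed.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical request: caller-supplied start and length of a reserved range. */
struct reserve_req { uint64_t start; uint64_t length; };

/* Unchecked form: start + length - 1 silently wraps past UINT64_MAX. */
static void to_interval_unchecked(const struct reserve_req *r,
                                  uint64_t *first, uint64_t *last)
{
    *first = r->start;
    *last = r->start + r->length - 1;
}

/* Checked form: reject empty ranges and any range whose last address wraps.
 * __builtin_add_overflow is the GCC/Clang builtin; kernel code would use
 * check_add_overflow() from <linux/overflow.h> for the same purpose. */
static int to_interval_checked(const struct reserve_req *r,
                               uint64_t *first, uint64_t *last)
{
    uint64_t end;

    if (r->length == 0)
        return -EINVAL;
    if (__builtin_add_overflow(r->start, r->length - 1, &end))
        return -EOVERFLOW;
    *first = r->start;
    *last = end;
    return 0;
}

/* Invariant an interval tree relies on: a node's first must not exceed its last. */
static bool interval_is_sane(uint64_t first, uint64_t last) { return first <= last; }

int main(void)
{
    struct reserve_req bad = { 0xfffffffffffff000ULL, 0x2000 }; /* constructed */
    uint64_t first = 0, last = 0;

    to_interval_unchecked(&bad, &first, &last);
    printf("unchecked: first=%#" PRIx64 " last=%#" PRIx64 " sane=%d\n",
           first, last, interval_is_sane(first, last));
    printf("checked:   rc=%d\n", to_interval_checked(&bad, &first, &last));
    return 0;
}
```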