Linux Kernel Stack-Out-of-Bounds Vulnerability in IMA Appraisal Function

Vulnerability

A stack-out-of-bounds vulnerability has been identified in the Linux kernel's Integrity Measurement Architecture (IMA) subsystem. This issue arises in the 'ima_appraise_measurement' function, specifically within the 'is_bprm_creds_for_exec' context. The vulnerability, reported by the Kernel Address Sanitizer (KASAN), involves a read operation of size 1 from an invalid stack address, which is associated with the 'sudo' task. The root cause of the vulnerability is the improper use of the 'container_of' macro on a file pointer, leading to an incorrect offset calculation that triggers the out-of-bounds access.
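The root-cause mechanism, as an added example in C that is not part of this advisory or of the kernel source: a minimal container_of() is applied first to a real embedded member and then to a local copy of a file pointer, and a bounds check is shown that refuses the second case instead of producing a bogus address. exec_ctx, recover_from_member, recover_from_local_copy, checked_container and demo are hypothetical names constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Same arithmetic as the kernel's container_of(): step back from a member's
 * address by its offset to reach the enclosing struct. */
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct file { int flags; };
struct exec_ctx {            /* constructed stand-in for a struct that embeds */
    int argc;                /* a file pointer; the names are hypothetical    */
    struct file *file;       /* the only pointer container_of() may be given  */
    int envc;
};

/* Correct: the argument is the address of the embedded member itself. */
bool recover_from_member(struct exec_ctx *ctx)
{
    return container_of(&ctx->file, struct exec_ctx, file) == ctx;
}

/* Misuse: `file` is a copy in this function's stack frame, so the macro
 * subtracts offsetof() from a stack slot and yields a pointer into unrelated
 * stack memory, the access KASAN reports. Only addresses are compared here. */
bool recover_from_local_copy(struct file *file, struct exec_ctx *ctx)
{
    return container_of(&file, struct exec_ctx, file) == ctx;   /* false */
}

/* Defensive variant: refuse a pointer that does not lie inside the object the
 * caller claims it belongs to; return NULL instead of a bogus address. */
struct exec_ctx *checked_container(struct file **ptr, struct exec_ctx *claimed)
{
    uintptr_t lo = (uintptr_t)claimed, hi = lo + sizeof(*claimed);
    uintptr_t p = (uintptr_t)ptr;
    return (p < lo || p + sizeof(*ptr) > hi) ? NULL
           : container_of(ptr, struct exec_ctx, file);
}

/* Constructed sample: returns 1 when every check behaves as described above. */
int demo(void)
{
    struct file f = {0};
    struct exec_ctx c = {1, &f, 2};
    struct file *copy = c.file;   /* a local copy, like a by-value argument */
    return recover_from_member(&c) && !recover_from_local_copy(c.file, &c)
        && checked_container(&c.file, &c) == &c
        && checked_container(&copy, &c) == NULL;
}
```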

Impact

Exploitation of this vulnerability causes a stack-out-of-bounds access, which can potentially lead to arbitrary memory read or write operations, disrupting the normal execution flow of the program.

Reproduction

The vulnerability can be reproduced by invoking the 'sudo' command, which triggers the 'ima_appraise_measurement' function. The 'bprm_is_check' boolean is not set correctly, allowing the function to access the stack out of bounds, specifically at the offset that corresponds to the file object.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: May 27, 2026, 2:38 PM
Updated: May 27, 2026, 2:38 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          3.1
  exploitability  4.3
  remediation     7.7
  relevance       9.7
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.