Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
- >= 6.16.3, < 6.16.3-1
A vulnerability in the Linux kernel's handling of synthetic events can lead to a kernel crash. This issue occurs when a synthetic event is created based on another synthetic event that includes a stacktrace field. The new event's use of that field triggers a crash. The problem arises because the stacktrace field is not properly labeled, causing it to be treated as a regular field instead of a dynamic event. This vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability leads to a kernel crash, caused by a page fault when the system tries to access a non-existent memory page. This type of error disrupts normal operations and can cause system instability.
The vulnerability can be reproduced by creating a synthetic event that uses a stacktrace field from another synthetic event. This can be done by first defining a synthetic event with a stacktrace field, then creating a second synthetic event that references the first one’s stacktrace. When the second event is enabled, it causes a kernel crash by triggering a page fault for an address that is not present, indicating a read access violation in kernel mode.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.