Linux Kernel ptrace Vulnerability in arm64/fpsimd Component on Non-SME Systems

Vulnerability

A vulnerability in the Linux kernel's arm64/fpsimd component can lead to an invalid state when the Scalable Vector Extension (SVE) is supported but SVE's Streaming Mode Extension (SME) is not. In such cases, a ptrace write to the NT_ARM_SVE regset can cause the tracee to incorrectly store SVE register data in a format intended for SVE, while the task's SVE flag is not set. This discrepancy can trigger a warning during the restoration of the current state, although it does not cause any functional issues. The vulnerability was introduced in a previous commit that altered error handling, and the current fix involves ensuring the SVE flag is correctly set during ptrace operations, regardless of SME support.

Impact

The vulnerability can cause tasks to enter an incorrect state regarding their SVE registers, potentially leading to inconsistencies during state management operations.

Reproduction

To reproduce this vulnerability, a ptrace write must be performed on a task where SVE is supported but SME is not. This can be done by writing SVE-formatted data to the NT_ARM_SVE regset while the task's SME support is disabled. After the ptrace operation, the task will exhibit the incorrect state, with SVE data in the wrong format and the SVE flag not set, which can be verified by observing the warning generated during the state restoration process.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.
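
To find which hosts are in the configuration this advisory describes (SVE supported, SME not supported), the following shell triage check classifies the arm64 Features line of /proc/cpuinfo. It is an added example, not code from the original advisory or from the kernel project; the function names and output labels are assumptions made for the example, and it relies on arm64 kernels reporting these features as the tokens "sve" and "sme". It only reads CPU feature flags and does not tell you whether the running kernel already carries the fix.

```shell
#!/bin/sh
# Added example: exposure triage for "SVE supported, SME not supported".
# Function names and output labels are hypothetical, chosen for this example.

# has_feature FEATURES TOKEN
# Succeeds only when TOKEN is a whole word in FEATURES, so that tokens such
# as "sve2" or "smei16i64" are not mistaken for "sve" or "sme".
has_feature() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# features_from_cpuinfo FILE
# Prints the first "Features" line of an arm64 cpuinfo file; prints nothing
# on other architectures (x86 uses "flags" instead).
features_from_cpuinfo() {
    awk -F': *' '/^Features/ { print $2; exit }' "$1"
}

# classify_sve_exposure FILE
# Prints one of:
#   not-applicable   no SVE, the condition cannot occur
#   sve-and-sme      SVE and SME both present
#   sve-without-sme  the configuration described in this advisory
classify_sve_exposure() {
    feats=$(features_from_cpuinfo "$1")
    if ! has_feature "$feats" sve; then
        echo "not-applicable"
    elif has_feature "$feats" sme; then
        echo "sve-and-sme"
    else
        echo "sve-without-sme"
    fi
}

# Classify the local host when run directly.
if [ -r /proc/cpuinfo ]; then
    classify_sve_exposure /proc/cpuinfo
fi
```

Hosts reported as sve-without-sme are the ones to prioritise for the kernel upgrade.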

Added: Feb 14, 2026, 3:26 PM
Updated: Feb 14, 2026, 3:26 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 3.9
remediation: 7.7
relevance: 3.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.