Linux Kernel Android 15 Hibernation Resume Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of hibernation on Android 15 has been addressed. When resuming from hibernation, a data abort exception occurs because the function 'swsusp_arch_suspend_exit()' lacks a Control Flow Integrity (CFI) hash, yet 'swsusp_arch_resume()' tries to verify the CFI hash when it calls 'swsusp_arch_suspend_exit()'. The hash is missing because 'swsusp_arch_suspend_exit()' is declared with 'SYM_CODE_*()' and must comply with the requirement that its entry point is the first byte of the .hibernate_exit.text section. The vulnerability can be exploited, leading to a kernel paging request error, a level 3 translation fault, and an internal error oops, indicating a serious issue in the kernel's memory management during the resume process.

Impact

The vulnerability causes a data abort exception, disrupting the normal resumption process from hibernation and potentially leading to a system crash or instability.

Reproduction

The vulnerability can be reproduced by putting the system into hibernation and then resuming from it. This process triggers a data abort exception due to the improper handling of Control Flow Integrity checks in the 'swsusp_arch_resume()' function.

Remediation

The vulnerability has been fixed by modifying the 'swsusp_arch_resume()' function to include the '__nocfi' attribute, which disables the CFI check, allowing for a proper resumption from hibernation without encountering the data abort exception.
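
The failure and the fix described above, as an added toy model in C (not kernel code and not part of the original advisory): a CFI-checked indirect call loads a type hash from the four bytes before the target's entry point, so a target whose entry is the first byte of its section has no hash there to load. The section layout, function names and hash value are constructed for illustration, and the model assumes nothing is mapped before the section.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not kernel code: a text section is a byte array, and a
 * CFI-instrumented function keeps a 4-byte type hash directly before
 * its entry point. Assumption: nothing is mapped before the section. */
#define SECTION_SIZE 64
#define HASH_LEN 4

enum call_result { CALL_OK, CALL_CFI_MISMATCH, CALL_DATA_ABORT };

struct section { uint8_t bytes[SECTION_SIZE]; };

/* Emit a hash prefix at offset `at`; the function entry follows it. */
size_t place_with_hash(struct section *s, size_t at, uint32_t hash)
{
    memcpy(&s->bytes[at], &hash, HASH_LEN);
    return at + HASH_LEN;
}

/* CFI-checked indirect call: load the hash at entry - 4, then compare. */
enum call_result checked_call(const struct section *s, size_t entry,
                              uint32_t expected)
{
    uint32_t found;

    if (entry < HASH_LEN)            /* load starts outside the section */
        return CALL_DATA_ABORT;
    memcpy(&found, &s->bytes[entry - HASH_LEN], HASH_LEN);
    return found == expected ? CALL_OK : CALL_CFI_MISMATCH;
}

/* Call from a caller built without the check (models __nocfi). */
enum call_result nocfi_call(const struct section *s, size_t entry)
{
    (void)s;
    return entry < SECTION_SIZE ? CALL_OK : CALL_DATA_ABORT;
}

int main(void)
{
    struct section text = { {0} };
    size_t normal = place_with_hash(&text, 16, 0x1234abcdu); /* constructed hash */

    printf("hashed function, checked call: %d\n", checked_call(&text, normal, 0x1234abcdu));
    printf("entry at byte 0, checked call: %d\n", checked_call(&text, 0, 0x1234abcdu));
    printf("entry at byte 0, nocfi call:   %d\n", nocfi_call(&text, 0));
    return 0;
}
```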

Added: Feb 14, 2026, 3:19 PM
Updated: Feb 14, 2026, 3:19 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 2.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.