Linux Kernel Metadata Handling Vulnerability in the act_ife Scheduler Component

Vulnerability

A vulnerability has been identified in the Linux kernel's act_ife scheduling component, where the handling of metadata lists is flawed. Instead of replacing old metadata, the system appends new data, leading to an uncontrolled accumulation that can cause out-of-bounds errors. This issue was highlighted by a Kernel Address Sanitizer (KASAN) report of a slab-out-of-bounds error, indicating a write operation exceeded allocated memory boundaries. The vulnerability arises from improper management of metadata updates, which, if left unaddressed, could be exploited to disrupt normal kernel operations.

Impact

The vulnerability can be exploited to cause a slab-out-of-bounds error, where a write operation exceeds the allocated memory space, potentially leading to memory corruption or other unintended behaviors.

Reproduction

The vulnerability can be reproduced by replacing an ife action in a way that modifies the metadata list. The current implementation appends the new metadata instead of replacing the old data, so the list grows without bound and can eventually lead to an out-of-bounds error. This can be observed at the ife_tlv_meta_encode function, where the KASAN report indicates a slab-out-of-bounds error caused by the excess metadata.
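The append-versus-replace behaviour described above, as an added example: a simplified user-space model, not the kernel's code and not taken from the fix. The struct layout, the 4-byte TLV header, the list capacity and all function names are assumptions; encode only stands in for the role ife_tlv_meta_encode plays, and it checks the remaining buffer space before every write.

```c
/* Simplified user-space model of the flaw; NOT kernel code. Names and sizes are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_HDR   4   /* assumed header: 2-byte type + 2-byte length */
#define MAX_METAS 64  /* capacity of the model's metadata list */
struct meta   { uint16_t type; uint16_t len; uint32_t val; };
struct action { struct meta list[MAX_METAS]; size_t n; };

/* Flawed update: every replace appends, old entries are never dropped. */
int update_append(struct action *a, const struct meta *m, size_t n)
{
    if (a->n + n > MAX_METAS) return -1;
    memcpy(&a->list[a->n], m, n * sizeof(*m));
    a->n += n;
    return 0;
}

/* Corrected update: the new list takes the place of the old one. */
int update_replace(struct action *a, const struct meta *m, size_t n)
{
    if (n > MAX_METAS) return -1;
    memcpy(a->list, m, n * sizeof(*m));
    a->n = n;
    return 0;
}

/* Encoder that refuses to write past buf: returns bytes written, or -1. */
long encode(const struct action *a, uint8_t *buf, size_t cap)
{
    size_t off = 0;
    for (size_t i = 0; i < a->n; i++) {
        const struct meta *m = &a->list[i];
        if (m->len > sizeof(m->val) || cap - off < (size_t)TLV_HDR + m->len)
            return -1;  /* list no longer fits the space sized for it */
        buf[off] = (uint8_t)(m->type >> 8); buf[off + 1] = (uint8_t)m->type;
        buf[off + 2] = (uint8_t)(m->len >> 8); buf[off + 3] = (uint8_t)m->len;
        memcpy(buf + off + TLV_HDR, &m->val, m->len);
        off += TLV_HDR + m->len;
    }
    return (long)off;
}

int main(void)
{
    struct action a = {0}, b = {0}; uint8_t buf[16]; /* sized for 2 entries */
    struct meta m[2] = {{1, 4, 0x11223344}, {2, 4, 7}}; /* constructed sample */
    for (int i = 0; i < 3; i++) { update_append(&a, m, 2); update_replace(&b, m, 2); }
    printf("append: %zu entries, encode=%ld\n", a.n, encode(&a, buf, sizeof buf));
    printf("replace: %zu entries, encode=%ld\n", b.n, encode(&b, buf, sizeof buf));
    return 0;
}
```

After three identical updates the appended list holds six entries and no longer fits the buffer sized for two, while the replaced list still encodes to the same 16 bytes.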

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Mar 25, 2026, 11:46 AM
Updated: Mar 25, 2026, 11:46 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 7.5
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.