Linux Kernel BPF JIT Buffer Misalignment Vulnerability on ARM64

Vulnerability

A vulnerability in the Linux kernel's BPF Just-In-Time (JIT) compiler for the ARM64 architecture has been addressed. The BPF JIT allocator requested 4-byte alignment for the JIT buffer, while the 'bpf_plt' structure contains a 64-bit target field that requires 8-byte alignment. This misalignment could lead to Undefined Behavior Sanitizer (UBSAN) warnings and, more critically, to a torn read: on ARM64, 64-bit data transfers are atomic only when properly aligned. A torn read of the target field could send execution to a corrupted address, disrupting execution.
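The address arithmetic behind the misalignment, as an added C example that is not kernel code. The struct layout (two 32-bit instruction slots ahead of the 64-bit target), the address window and the program body length are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PLT_ALIGN 8u   /* alignment the 64-bit target field needs */

/* Model of a PLT entry. The layout is an assumption for illustration;
 * the page only states that bpf_plt holds a 64-bit target field. */
struct plt_model {
    uint32_t insn_ldr;  /* hypothetical slot: load target */
    uint32_t insn_br;   /* hypothetical slot: branch to target */
    uint64_t target;    /* must be read and written as one 64-bit unit */
};

/* Round v up to a multiple of align (align is a power of two). */
static uintptr_t round_up(uintptr_t v, uintptr_t align)
{
    return (v + align - 1) & ~(align - 1);
}

/* Absolute address of target for an image at base: the PLT follows a
 * body of body_len bytes and is padded to 8 relative to the image start. */
static uintptr_t target_addr(uintptr_t base, size_t body_len)
{
    return base + round_up(body_len, PLT_ALIGN)
                + offsetof(struct plt_model, target);
}

/* Count the bases in [start, start + span) that satisfy buf_align but
 * still leave target off an 8-byte boundary (a possible torn read). */
unsigned misaligned_targets(uintptr_t start, size_t span,
                            size_t buf_align, size_t body_len)
{
    unsigned bad = 0;
    for (uintptr_t base = round_up(start, buf_align);
         base < start + span; base += buf_align)
        if (target_addr(base, body_len) % PLT_ALIGN)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed values: 64-byte window at 0x1000, 100-byte body. */
    printf("4-byte buffer alignment: %u misaligned\n",
           misaligned_targets(0x1000, 64, 4, 100));
    printf("8-byte buffer alignment: %u misaligned\n",
           misaligned_targets(0x1000, 64, 8, 100));
    return 0;
}
```

Padding the PLT offset inside the image does not help when the image base itself is only 4-byte aligned: half of the permitted bases put the target on a 4-byte boundary, while an 8-byte buffer alignment leaves none.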

Impact

The vulnerability could lead to a denial-of-service condition by causing the JIT compiler to execute code incorrectly, potentially jumping to invalid memory addresses and disrupting normal operations.

Reproduction

The vulnerability can be reproduced by compiling and executing BPF programs on an ARM64 system with a Linux kernel version that includes the misalignment issue. The BPF JIT compiler will incorrectly align the target field in the 'bpf_plt' structure, leading to a torn read condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.

Added: Mar 25, 2026, 11:41 AM
Updated: Mar 25, 2026, 11:41 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 3.1
exploitability: 3.9
remediation: 7.7
relevance: 4.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.