Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 6.19.0-rc1-00048, < 6.19.0-rc1-00049
A double free vulnerability has been identified in the Linux kernel's KASAN (Kernel Address Sanitizer) implementation, affecting the PowerPC architecture when it uses a 64K page size. The issue arises in the management of the PUD (Page Upper Directory) table, which is not always aligned with the expected page structure. This misalignment leads to improper memory management: KASAN handles its memory shadows incorrectly, as evidenced by a reported double free error. The vulnerability was observed in a memory mapping scenario with 2.00 MiB pages, where KASAN's memory management routines were called incorrectly, leading to the double free condition.
Exploitation of this vulnerability causes a double free condition, where memory is freed twice, potentially leading to memory corruption or other undefined behavior in the kernel.
The vulnerability can be reproduced by mapping a memory range with 2.00 MiB pages on a PowerPC system with a 64K page size. This can be done using the 'ndctl' command-line tool, which interacts with the memory mapping features of the kernel. The double free error can be observed in the kernel logs, indicating a KASAN report of a bad memory access, highlighting the address that was freed multiple times.
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version can be found in the Linux kernel documentation.
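The following added example (not part of the original advisory or of any kernel tooling) checks whether a host matches the configuration preconditions described above: PowerPC, a 64K page size, and KASAN built in. It does not compare kernel versions. The function names and the `/boot/config-$(uname -r)` location are assumptions, and distributions may store the kernel config elsewhere.

```shell
#!/bin/sh
# Added example: triage a host against the preconditions named in this
# advisory (PowerPC + 64K pages + KASAN). Function names are hypothetical.

# kconfig_enabled OPTION FILE: true when OPTION=y appears in a plain-text config.
kconfig_enabled() {
    grep -Eq "^$1=y\$" "$2"
}

# matches_preconditions ARCH PAGESIZE_BYTES CONFIG_FILE
# Returns 0 only when all three preconditions hold; prints the deciding reason.
matches_preconditions() {
    arch=$1 pagesize=$2 config=$3
    case "$arch" in
        ppc|ppc64|ppc64le) ;;   # values `uname -m` reports on PowerPC
        *) echo "no match: architecture '$arch' is not PowerPC"; return 1 ;;
    esac
    if [ "$pagesize" -ne 65536 ]; then
        echo "no match: page size is $pagesize bytes, not 64K"
        return 1
    fi
    # KASAN is a debug option; most distribution kernels ship without it.
    if ! kconfig_enabled CONFIG_KASAN "$config"; then
        echo "no match: CONFIG_KASAN is not enabled in $config"
        return 1
    fi
    echo "match: PowerPC, 64K pages, KASAN enabled; compare the kernel version next"
    return 0
}

# triage_host: gather the three inputs from the running system.
# Returns 2 when the kernel config cannot be read (assumed path below).
triage_host() {
    config="/boot/config-$(uname -r)"
    if [ ! -r "$config" ]; then
        echo "unknown: cannot read $config"
        return 2
    fi
    matches_preconditions "$(uname -m)" "$(getconf PAGESIZE)" "$config"
}

# Run against the live host only when asked: sh triage.sh --host
if [ "${1:-}" = "--host" ]; then
    triage_host
fi
```

A host that reports a match still needs its kernel version compared against the affected range listed above before it is treated as vulnerable.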