Linux Kernel Persistent RAM Buffer Mapping Vulnerability Allowing Memory Dereference Errors

Vulnerability

A vulnerability in the Linux kernel's pstore ram_core component can lead to invalid memory accesses. In the persistent_ram_vmap() function, the vmap() call may fail and return NULL. The function then adds offset_in_page(start) to that result, so when the offset is non-zero the returned pointer is non-NULL and the mapping appears to have succeeded. This false success leads persistent_ram_buffer_map() to return a success status, while subsequent accesses to the buffer dereference an invalid memory address, causing crashes. The vulnerability has been addressed by adding proper NULL checks for vmap() failures.
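The pointer arithmetic described above can be modelled in user space. The following is an added example, not kernel source and not the upstream patch: fake_vmap(), the model_* names, the 4096-byte page size, the sample addresses and the -ENOMEM return value are assumptions chosen for illustration.

```c
/* User-space model of the bug described above. Constructed for illustration;
 * fake_vmap() and all model_* names are hypothetical, not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096UL /* assumed page size */
#define model_offset_in_page(p) ((uintptr_t)(p) & (MODEL_PAGE_SIZE - 1))

static char backing[2 * MODEL_PAGE_SIZE];

/* Stand-in for vmap(): returns NULL when asked to fail. */
static void *fake_vmap(int fail)
{
    return fail ? NULL : backing;
}

/* "Before" shape: the in-page offset is added without checking the mapping. */
static void *model_vmap_before(uintptr_t start, int fail)
{
    void *vaddr = fake_vmap(fail);
    /* Integer arithmetic keeps the model well-defined when vaddr is NULL. */
    return (void *)((uintptr_t)vaddr + model_offset_in_page(start));
}

/* "After" shape: a failed mapping is reported as NULL before any arithmetic. */
static void *model_vmap_after(uintptr_t start, int fail)
{
    void *vaddr = fake_vmap(fail);
    if (!vaddr)
        return NULL;
    return (void *)((uintptr_t)vaddr + model_offset_in_page(start));
}

/* Caller model (assumed): success is inferred from a non-NULL pointer alone. */
static int model_buffer_map(void *(*map)(uintptr_t, int), uintptr_t start, int fail)
{
    return map(start, fail) ? 0 : -ENOMEM;
}

int main(void)
{
    uintptr_t aligned = 0x10000000UL, unaligned = 0x10000100UL; /* constructed */
    printf("before, aligned,   vmap fails: %d\n", model_buffer_map(model_vmap_before, aligned, 1));
    printf("before, unaligned, vmap fails: %d\n", model_buffer_map(model_vmap_before, unaligned, 1));
    printf("after,  unaligned, vmap fails: %d\n", model_buffer_map(model_vmap_after, unaligned, 1));
    return 0;
}
```

With a page-aligned start the failure is still caught, because NULL plus a zero offset stays NULL; only the non-zero offset case is reported as success, which is why the check has to come before the offset is added.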

Impact

Exploitation of this vulnerability can cause system crashes due to invalid memory access.

Reproduction

The vulnerability can be reproduced by calling the persistent_ram_buffer_map() function with a start address that has a non-zero page offset, under conditions in which the vmap() call fails. The function incorrectly reports success, but any subsequent access to the buffer dereferences an invalid address, leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: May 6, 2026, 5:33 PM
Updated: May 6, 2026, 5:33 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.