Linux Kernel EFI/CPER Memory Dump Vulnerability Leading to Data Disclosure and Denial-of-Service

Vulnerability

A vulnerability in the Linux kernel's EFI/CPER error handling can cause excessive memory dumping, data disclosure, and potential system crashes. The issue arises because the error record length is not properly validated before processing. On faulty firmware, an offset can exceed the actual record length, leading to an underflow that triggers a dump of the entire memory. This flaw can be exploited to disclose sensitive data, cause the system to hang by dumping large memory areas, or induce a crash by attempting to dump unmapped memory regions.
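The underflow described above, shown as an added example that is not the kernel's code. The struct, its field names and both functions are hypothetical; they only model an offset and a length taken from a firmware-supplied record, and the buffer-size check is an assumption about what "properly validated" should include.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record header, constructed for this example (not a kernel struct). */
struct err_record {
    uint32_t record_length;   /* total length the firmware claims */
    uint32_t payload_offset;  /* where the payload starts inside the record */
};

/* Unchecked form: when payload_offset > record_length the unsigned
 * subtraction wraps, so the "length to dump" becomes close to 2^32. */
static uint32_t payload_len_unchecked(const struct err_record *r)
{
    return r->record_length - r->payload_offset;
}

/* Checked form: returns 0 and stores the length on success, -1 when the
 * record is inconsistent or claims more bytes than the mapped buffer holds. */
static int payload_len_checked(const struct err_record *r, size_t buf_len,
                               uint32_t *out_len)
{
    if (r->record_length > buf_len)
        return -1;            /* record claims more than was mapped */
    if (r->payload_offset > r->record_length)
        return -1;            /* offset lies past the end of the record */
    *out_len = r->record_length - r->payload_offset;
    return 0;
}

int main(void)
{
    /* Constructed sample records: one inconsistent, one well-formed. */
    struct err_record bad = { .record_length = 64, .payload_offset = 72 };
    struct err_record ok  = { .record_length = 64, .payload_offset = 16 };
    uint32_t len = 0;

    printf("unchecked length for bad record: %u\n",
           (unsigned)payload_len_unchecked(&bad));
    printf("checked bad record -> %d\n", payload_len_checked(&bad, 128, &len));
    if (payload_len_checked(&ok, 128, &len) == 0)
        printf("checked ok record -> %u bytes\n", (unsigned)len);
    return 0;
}
```

A caller that rejects the record when the checked form returns -1 never reaches the dump routine with a wrapped length.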

Impact

The vulnerability can be exploited to cause a denial-of-service: dumping large amounts of memory leaves the system unresponsive. It can also trigger a kernel oops when the dump tries to access unmapped memory, crashing the system. The improper memory handling further creates a risk of unauthorized data disclosure, because sensitive information can be exposed through the memory dumps.

Reproduction

The vulnerability can be reproduced by triggering a firmware error that causes the offset to exceed the actual record length in the CPER (Common Platform Error Record) handling. This can be done by manipulating the error record length in a way that the offset calculation underflows, based on the specific conditions of the faulty firmware.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The official Linux kernel Git repository contains the necessary updates. Instructions for downloading the latest stable version can be found on the Linux kernel website.

Added: May 6, 2026, 3:43 PM
Updated: May 6, 2026, 3:43 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 5.0
exploitability: 3.9
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.