Linux Kernel Netconsole Out-of-Bounds Read Vulnerability

Vulnerability

A vulnerability in the Linux kernel's netconsole feature can lead to out-of-bounds (OOB) read errors. The issue arises because messages sent from the console subsystem to netconsole are not guaranteed to be null-terminated, so code that treats such a message as a C string reads past the end of its buffer. This lack of proper termination can cause memory access violations. The vulnerability was introduced when netconsole was converted to use the NBCON console infrastructure, which changed how messages are handed to the driver. As a result, the Kernel Address Sanitizer (KASAN) detected a slab-out-of-bounds error, indicating that a read operation accessed memory outside the allocated buffer. This vulnerability affects the Linux kernel stable tree.
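To make the bug class concrete, the following added example (not the kernel's netconsole code; the struct, function names and the sample message are constructed for illustration) shows a driver-side handler that receives a message as a pointer plus an explicit length without a NUL terminator. The vulnerable variant measures the message with strlen() and therefore reads past the message into whatever lies next to it; the bounded variant respects the caller-supplied length. The sample places unrelated bytes directly after the message inside one backing array so the overread is visible without actually touching unmapped memory; on a real slab object the same access is what KASAN reports as slab-out-of-bounds.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed message shape: the console layer hands the driver a pointer
 * and an explicit length. The bytes are NOT NUL-terminated. */
struct console_msg {
    const char *buf;
    size_t len;
};

/* Vulnerable pattern: strlen() assumes a NUL terminator exists and keeps
 * scanning beyond m->len into the neighbouring allocation. */
size_t vulnerable_msg_len(const struct console_msg *m)
{
    return strlen(m->buf);          /* ignores m->len entirely */
}

/* Hardened pattern: never read beyond the length the caller provided.
 * memchr() is used instead of strnlen() to stay within plain ISO C. */
size_t bounded_msg_len(const struct console_msg *m)
{
    const char *nul = memchr(m->buf, '\0', m->len);
    return nul ? (size_t)(nul - m->buf) : m->len;
}

/* Copy the message into a NUL-terminated scratch buffer for transmission,
 * truncating to both the caller's length and the destination size.
 * Returns the number of payload bytes copied. */
size_t copy_msg_bounded(const struct console_msg *m, char *dst, size_t dst_size)
{
    size_t n;
    if (dst_size == 0)
        return 0;
    n = bounded_msg_len(m);
    if (n > dst_size - 1)
        n = dst_size - 1;
    memcpy(dst, m->buf, n);
    dst[n] = '\0';
    return n;
}

/* Constructed sample: a 5-byte message ("hello", no terminator) followed
 * immediately by unrelated bytes standing in for the adjacent slab object. */
static const char backing[] = "hello" "SECRET-NEIGHBOUR";

struct console_msg sample_msg(void)
{
    struct console_msg m = { backing, 5 };
    return m;
}

/* Helpers that expose the outcome of each variant on the sample message. */
size_t sample_vulnerable_len(void)
{
    struct console_msg m = sample_msg();
    return vulnerable_msg_len(&m);      /* 21: ran into the neighbour */
}

size_t sample_bounded_len(void)
{
    struct console_msg m = sample_msg();
    return bounded_msg_len(&m);         /* 5: stopped at m->len */
}

int sample_copy_matches(const char *expected)
{
    struct console_msg m = sample_msg();
    char out[64];
    copy_msg_bounded(&m, out, sizeof out);
    return strcmp(out, expected) == 0;
}

int main(void)
{
    printf("strlen-based length : %zu (reads past the 5-byte message)\n",
           sample_vulnerable_len());
    printf("bounded length      : %zu\n", sample_bounded_len());
    printf("bounded copy ok     : %d\n", sample_copy_matches("hello"));
    return 0;
}
```

The difference between the two lengths is the leaked span: every byte beyond the caller's length that the vulnerable variant consumed would, in the kernel, be memory belonging to another object. Building with KASAN (or, in user space, AddressSanitizer with the message placed in its own heap allocation) turns that overread into a report like the one described in this advisory.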

Impact

Exploitation of this vulnerability causes a slab-out-of-bounds read, which can lead to undefined behavior, including potential information disclosure or memory corruption.

Reproduction

The vulnerability can be reproduced by enabling the netconsole feature in the Linux kernel. Once netconsole is active, messages can be sent from the console subsystem. Due to the absence of null termination in the messages, an out-of-bounds read occurs when netconsole processes the incoming data. This can be verified by observing the KASAN report, which indicates the out-of-bounds access and the associated call trace.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version that includes the patch.

Added: May 6, 2026, 2:47 PM
Updated: May 6, 2026, 2:47 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 7.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.