Linux Kernel APEI/GHES ARM Processor Error Memory Access Vulnerability

A vulnerability in the Linux kernel's handling of ARM Processor Error records can lead to memory access errors. This issue occurs when the BIOS generates a very small or incomplete error record, causing the kernel to attempt to access memory beyond what has been allocated. The vulnerability has been observed in the Linux kernel stable tree, specifically in versions prior to the latest commit that addresses this issue.

Impact

Exploitation of this vulnerability can lead to internal errors and system crashes, as indicated by 'Oops' messages in the kernel log. Such crashes can disrupt system operations and potentially lead to data loss or corruption.

Reproduction

The vulnerability can be reproduced by configuring a system to use a BIOS that generates incomplete or overly brief ARM Processor Error records. When the kernel attempts to process these records, it will encounter 'Oops' errors due to accessing memory sections that were not properly defined, leading to a crash.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.