Linux Kernel Buffer Overflow Vulnerability in Vmalloc Reallocation Function

Vulnerability

A buffer overflow vulnerability has been identified in the Linux kernel's memory management component, specifically within the 'vmalloc' subsystem. The issue arises in the 'vrealloc_node_align' function, where a new allocation can inadvertently lead to an out-of-bounds write. This occurs when the function is used to shrink an allocation while simultaneously enforcing alignment or NUMA node constraints, causing data to be copied beyond the bounds of the newly allocated buffer.

Impact

Exploiting this vulnerability causes a buffer overflow, a bug class that commonly results in memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by allocating a memory block using the 'vmalloc' function, then requesting a reallocation that reduces the size while imposing alignment or NUMA node requirements. This will trigger the 'vrealloc_node_align' function to allocate a new buffer and copy data from the old buffer, but the copy operation will exceed the limits of the new allocation, causing a buffer overflow.
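The shrink-and-move path described above can be modelled in userspace. The following is an added example, not the kernel's code or the upstream patch: the function names are hypothetical, `malloc`/`aligned_alloc` stand in for the kernel allocator, and the sizes are constructed. It shows why the copy into the new buffer must be bounded by the smaller of the two sizes.

```c
/* Userspace model, not kernel code. All function names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bounded copy length: never more than either buffer holds. */
size_t copy_len_bounded(size_t old_size, size_t new_size)
{
    return old_size < new_size ? old_size : new_size;
}

/* Bytes a copy of copy_len would write past a new_size buffer (0 = safe). */
size_t overrun_bytes(size_t copy_len, size_t new_size)
{
    return copy_len > new_size ? copy_len - new_size : 0;
}

/* Resize with an alignment constraint (align: power of two). A shrink can
 * stay in place only if the old pointer already satisfies the alignment;
 * otherwise a new buffer is needed, and the copy into it must be bounded.
 * Returns NULL and leaves the old buffer untouched on failure. */
void *realloc_aligned_model(void *old, size_t old_size, size_t new_size, size_t align)
{
    if (new_size <= old_size && (uintptr_t)old % align == 0)
        return old;
    if (new_size > SIZE_MAX - align)
        return NULL;
    /* aligned_alloc wants a non-zero multiple of align: round the size up. */
    size_t padded = (new_size + align - 1) & ~(align - 1);
    void *n = aligned_alloc(align, padded ? padded : align);
    if (!n)
        return NULL;
    memcpy(n, old, copy_len_bounded(old_size, new_size));
    free(old);
    return n;
}

int main(void)
{
    size_t old_size = 8192, new_size = 4096; /* constructed sizes: a shrink */
    /* Copying old_size bytes (the unbounded pattern) into the new buffer: */
    printf("unbounded copy overruns the new buffer by %zu bytes\n",
           overrun_bytes(old_size, new_size));
    return 0;
}
```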

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit addressing this issue is available in the Linux kernel stable tree.

Added: Jun 8, 2026, 6:02 PM
Updated: Jun 8, 2026, 6:02 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 9.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.