A vulnerability has been discovered and resolved in the Linux kernel, specifically in the ARM hardware breakpoint code. Tracked as CVE-2021-47006, this vulnerability allowed attackers to exploit a missing check in the ARM hw_breakpoint code (the ptrace_triggered() function shown below). The issue was addressed through a patch submitted by Zhen Lei, a developer at Huawei.

Details

The vulnerability was found in the ARM-specific part of the Linux kernel, which was not correctly implementing hardware breakpoints. Hardware breakpoints are a debugging feature that pauses execution when a specific memory address is accessed or modified, letting developers monitor and debug their code effectively.

In the Linux kernel, the problematic code was located in the ARM hw_breakpoint code, in the ptrace_triggered() function. The issue was introduced by commit 1879445dfa7b, which set a default event->overflow_handler in perf_event_alloc() and replaced the existing checks of event->overflow_handler with calls to is_default_overflow_handler(). One check was missed in that conversion, leaving a vulnerability that could be exploited by attackers.

Here is the code snippet that contained the vulnerability:

/* Vulnerable version (arch/arm hw_breakpoint code): NULL check on a pointer
 * that perf_event_alloc() always populates with a default handler. */
static void ptrace_triggered(struct perf_event *bp,
                             struct perf_sample_data *data, struct pt_regs *regs)
{
        if (!bp->overflow_handler)      /* never true once a default is installed */
                enable_single_step(regs);
}

As seen in the code snippet, the function tests whether bp->overflow_handler is NULL rather than whether it is set to the default handler. Because perf_event_alloc() always installs a default overflow handler, bp->overflow_handler is never NULL, so the condition is always false and enable_single_step() was never invoked for ptrace breakpoints, which was a critical issue.

Thanks to the patch submitted by Zhen Lei, this vulnerability has been resolved. The patch can be found at this link:

https://patchwork.kernel.org/project/linux-arm-kernel/patch/20210207105934.2001-1-thunder.leizhen@huawei.com/

The fix replaces the direct NULL check of bp->overflow_handler with a call to the is_default_overflow_handler() helper, matching the other call sites converted by commit 1879445dfa7b:

/* Patched version: single-step only when the event still carries the
 * default overflow handler, i.e. it is a ptrace-managed breakpoint. */
static void ptrace_triggered(struct perf_event *bp,
                             struct perf_sample_data *data, struct pt_regs *regs)
{
        if (is_default_overflow_handler(bp))
                enable_single_step(regs);
}
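To make the failure mode concrete, here is an added stand-alone C model of the two checks above; it is not kernel code. It assumes a simplified perf_event holding only the overflow_handler field, a local default handler standing in for the one perf_event_alloc() installs, and an is_default_overflow_handler() that compares against that local default (the kernel helper compares against its own default, but the mechanism is the same):

```c
#include <stdbool.h>
#include <stddef.h>

struct perf_event;
typedef void (*overflow_handler_t)(struct perf_event *ev);

/* Simplified model of the kernel struct: only the field the bug concerns. */
struct perf_event {
    overflow_handler_t overflow_handler;
};

/* Stand-in for the default handler perf_event_alloc() installs (assumption:
 * a local function; the real kernel compares against its own default). */
static void default_overflow_handler(struct perf_event *ev) { (void)ev; }
static void custom_handler(struct perf_event *ev) { (void)ev; }

/* Models perf_event_alloc() after commit 1879445dfa7b: the handler slot is
 * never left NULL; a caller passing NULL gets the default handler. */
static struct perf_event perf_event_alloc(overflow_handler_t handler)
{
    struct perf_event ev;
    ev.overflow_handler = handler ? handler : default_overflow_handler;
    return ev;
}

/* Models is_default_overflow_handler(): compare with the default, not NULL. */
static bool is_default_overflow_handler(const struct perf_event *ev)
{
    return ev->overflow_handler == default_overflow_handler;
}

/* Condition from the buggy ptrace_triggered(): once a default handler is
 * always present, !overflow_handler is always false, so no single-step. */
bool buggy_would_single_step(const struct perf_event *bp)
{
    return !bp->overflow_handler;
}

/* Condition from the patched ptrace_triggered(). */
bool fixed_would_single_step(const struct perf_event *bp)
{
    return is_default_overflow_handler(bp);
}

/* Scenarios: a ptrace breakpoint (default handler) under each check, and a
 * breakpoint with a custom handler under the fixed check. */
bool buggy_steps_ptrace_bp(void) { struct perf_event e = perf_event_alloc(NULL); return buggy_would_single_step(&e); }
bool fixed_steps_ptrace_bp(void) { struct perf_event e = perf_event_alloc(NULL); return fixed_would_single_step(&e); }
bool fixed_steps_custom_bp(void) { struct perf_event e = perf_event_alloc(custom_handler); return fixed_would_single_step(&e); }
```

The buggy check reports no single-step for a ptrace breakpoint, while the fixed check single-steps exactly the default-handler events and leaves events with a custom handler alone.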

Conclusion

With CVE-2021-47006 patched, the Linux kernel's ARM hardware breakpoint implementation behaves as intended again. Users are encouraged to update their kernel to the latest version to protect themselves against this vulnerability, and developers should ensure that their applications run on a kernel that carries the fix.

Timeline

Published on: 02/28/2024 09:15:38 UTC
Last modified on: 05/29/2024 05:00:24 UTC