CVE-2021-47034: Addressing the Linux Kernel Vulnerability in PowerPC/64s

The Linux kernel recently received a patch for a vulnerability tracked as CVE-2021-47034. It affects the powerpc/64s component of the kernel and, if left unaddressed, can lead to spurious faults and kernel crashes. In this post we describe the vulnerability and how it was resolved, show the commands used to reproduce the problem, and list the original references for readers who want further detail.

The vulnerability in detail

The vulnerability lies in the powerpc/64s code that updates PTEs for kernel memory under the radix MMU. A PTE (Page Table Entry) maps a virtual page to physical memory and is a central element of the kernel's memory management. When a PTE is added, a ptesync (the PowerPC synchronization instruction for page table updates) is required to order the PTE update before any subsequent access through that mapping. Without that synchronization, the hardware can raise a spurious fault.

The function at issue is radix__set_pte_at(), which deliberately omits the ptesync for performance. For non-kernel memory this is acceptable, because the page fault handler corrects any spurious fault that results. For kernel memory, however, such faults are not handled. The original mitigation for this was a ptesync placed in flush_cache_vmap().

However, map_kernel_page() does not call flush_cache_vmap(), so the gap remained. This showed up primarily in code patching with Strict RWX enabled on radix. A bug report showing the effect of this vulnerability on the Linux kernel is available here: https://lore.kernel.org/linuxppc-dev/15AC5BE-A221-4B8C-9039-FA96B8EF7C88@lca.pw/

Reproducing the issue

Chris Riedl, a developer, found a reliable way to reproduce the issue and crash the kernel by running these commands:

$ mount -t debugfs none /sys/kernel/debug
$ (while true; do echo function > /sys/kernel/debug/tracing/current_tracer ; echo nop > /sys/kernel/debug/tracing/current_tracer ; done) &

Repeatedly switching ftrace on and off this way generates a large amount of code patching, which usually crashes the kernel in under 5 minutes.

The solution

The fix adds a ptesync after a kernel PTE is written, so that the PTE update is ordered before any subsequent access through the new mapping. This closes the gap left by map_kernel_page() not calling flush_cache_vmap(): kernel memory is mapped correctly and the spurious faults, and the crashes they caused, no longer occur.
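To make the ordering hazard described above and the effect of the fix concrete, here is a constructed model added for this post; it is not kernel code and not from the commit. It treats a PTE store as sitting in a store buffer until a ptesync drains it, so the code-patching write through the new mapping faults if it runs before the ptesync. The struct and the model_* / patch_* function names are invented; only the ptesync instruction inside arch_ptesync() is the real barrier the fix relies on.

```c
/* Constructed model (not kernel code): a PTE store stays in a store buffer
 * until a ptesync drains it, and an access through a mapping whose PTE is
 * still buffered takes a spurious fault (deterministic here, a race on HW). */
#include <stdbool.h>
#include <stdint.h>

#define PTE_PRESENT 0x1u

struct mmu_model {
    uint64_t pte;          /* PTE as the MMU currently sees it */
    uint64_t pending_pte;  /* latest PTE store, still in the store buffer */
    unsigned spurious_faults;
};

/* The real barrier on ppc64; a plain compiler barrier elsewhere. */
static inline void arch_ptesync(void) {
#if defined(__powerpc64__)
    __asm__ __volatile__("ptesync" : : : "memory");
#else
    __asm__ __volatile__("" : : : "memory");
#endif
}
/* Analogue of radix__set_pte_at(): writes the PTE, deliberately no ptesync. */
static void model_set_pte_at(struct mmu_model *m, uint64_t pte) {
    m->pending_pte = pte;
}
/* Analogue of ptesync: the buffered PTE update becomes visible to later accesses. */
static void model_ptesync(struct mmu_model *m) {
    arch_ptesync();
    m->pte = m->pending_pte;
}
/* The instruction store done by code patching; false means spurious fault. */
static bool model_store_through_mapping(struct mmu_model *m) {
    if (m->pte & PTE_PRESENT)
        return true;
    m->spurious_faults++;
    return false;
}
/* map_kernel_page() then patch before the fix: nothing orders the PTE write. */
static bool patch_without_ptesync(struct mmu_model *m, uint64_t pfn) {
    model_set_pte_at(m, (pfn << 12) | PTE_PRESENT);
    return model_store_through_mapping(m);
}
/* Same sequence after the fix: a ptesync follows the PTE update. */
static bool patch_with_ptesync(struct mmu_model *m, uint64_t pfn) {
    model_set_pte_at(m, (pfn << 12) | PTE_PRESENT);
    model_ptesync(m);
    return model_store_through_mapping(m);
}
```

On real hardware the unsynchronized sequence only faults when the PTE store has not yet become visible, which is why the ftrace loop above needs minutes rather than one iteration.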

Original References

Here are some original references and sources for more information on the CVE-2021-47034 vulnerability and its resolution:

1. Linux Kernel Git Commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e3c1b78c84409
2. LWN.net article discussing CVE-2021-47034: https://lwn.net/Articles/842799/
3. Official CVE (Common Vulnerabilities and Exposures) Details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-47034

Conclusion

The patch for CVE-2021-47034 closes a critical weakness in the powerpc/64s component of the Linux kernel. Adding a ptesync so that PTE updates are ordered before subsequent accesses removes the spurious faults and the crashes they caused. Given how widely Linux is deployed, it remains essential to stay informed about such vulnerabilities and to apply their fixes promptly.

Timeline

Published on: 02/28/2024 09:15:39 UTC
Last modified on: 10/31/2024 15:35:02 UTC