A new vulnerability, CVE-2024-42158, has been identified and resolved in the Linux kernel. It concerns the handling of sensitive memory in the s390/pkey subsystem. The fix replaces the previously used memzero_explicit() and kfree() combination with kfree_sensitive().

Background

The s390/pkey subsystem is responsible for managing memory protection keys on IBM's s390 architecture, which is used mainly in mainframes and some high-end servers. Memory protection keys are a hardware-based mechanism to restrict access to specific memory regions. This functionality is essential to maintain security and isolation between different applications or workloads running on the same system.

Exploit Details

The issue was discovered by scrutinizing warnings generated by the Coccinelle static code analysis tool. Coccinelle had reported the following warnings:

- WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506)
- WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643)
- WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 177)

Each warning points at a place where a buffer holding sensitive data was freed without being reliably cleared first, so that its contents could remain in memory after the allocation was returned to the kernel's memory allocator. An attacker who can read such stale memory might recover sensitive information, such as cryptographic keys, passwords, or other confidential data.

Patch and Code Snippet

To resolve this vulnerability, Linux kernel developers replaced the memzero_explicit() and kfree() combination with the kfree_sensitive() function, which zeroes the allocation before returning it to the memory allocator. The relevant code snippet from the patch is as follows:

-+		memzero_explicit(
-+			key_sec_attr,
-+			sizeof(struct pkey_attention_sec_attr));
-+		kfree(key_sec_attr);
-+	}
++	kfree_sensitive(key_sec_attr);
+ }
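Review bot: the hunk carries no context lines, so the condition whose closing brace is removed and re-added (`-+ }` / `++ }`) cannot be reviewed; please include the enclosing if/else so a reviewer can confirm that kfree_sensitive(key_sec_attr) is reached on the same path as the old memzero_explicit()/kfree() pair, and that key_sec_attr comes from kmalloc() rather than vmalloc() (the Coccinelle warning offers kfree_sensitive or kvfree_sensitive; only the latter is correct for vmalloc memory). The doubled `-+`/`++` prefixes look like an extraction artefact of plain `-`/`+`. On substance the change is an improvement: kfree_sensitive() zeroes the whole allocation as reported by ksize(), not just sizeof(struct pkey_attention_sec_attr), and it tolerates a NULL pointer.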

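The following userspace C program is an added example, not code from the kernel patch or the s390/pkey subsystem. It models the behaviour the patch is about with a toy slab allocator (names prefixed toy_ are hypothetical stand-ins for kmalloc(), ksize(), kfree(), memzero_explicit() and kfree_sensitive()): objects are rounded up to a 32-byte size class and freeing never clears memory. It then frees a 24-byte key structure three ways and counts how many bytes of key material (the constructed value 0xAB) survive in the slab object: plain free leaves everything, the pre-patch memzero_explicit(sizeof(struct)) pattern leaves the slack bytes of the size class, and the kfree_sensitive() pattern clears the whole object because it zeroes the ksize() length rather than the requested length.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/*
 * Toy model of a slab allocator (hypothetical, for illustration only):
 * every object is rounded up to a 32-byte granule, like kmalloc size
 * classes, and freeing never clears the memory.
 */
#define GRANULE   32
#define ARENA_LEN 1024
#define MAX_OBJS  16

static unsigned char arena[ARENA_LEN];
static size_t arena_top;
static struct { void *p; size_t size; } objs[MAX_OBJS];

/* Start a fresh allocation round over the same memory; stale bytes stay. */
static void toy_reset(void) {
    arena_top = 0;
    memset(objs, 0, sizeof(objs));
}

static void *toy_kmalloc(size_t n) {
    size_t rounded = (n + GRANULE - 1) / GRANULE * GRANULE;
    if (arena_top + rounded > ARENA_LEN) return NULL;
    for (int i = 0; i < MAX_OBJS; i++) {
        if (objs[i].p == NULL) {
            objs[i].p = arena + arena_top;
            objs[i].size = rounded;
            arena_top += rounded;
            return objs[i].p;
        }
    }
    return NULL;
}

/* Like ksize(): usable size of the whole allocation, not the requested size. */
static size_t toy_ksize(const void *p) {
    if (p == NULL) return 0;
    for (int i = 0; i < MAX_OBJS; i++)
        if (objs[i].p == p) return objs[i].size;
    return 0;
}

/* Plain free: the object's contents remain in the arena untouched. */
static void toy_kfree(void *p) {
    for (int i = 0; i < MAX_OBJS; i++)
        if (objs[i].p == p) { objs[i].p = NULL; objs[i].size = 0; }
}

/* Zeroing through a volatile pointer so the compiler cannot drop it as a dead store. */
static void toy_memzero_explicit(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Like kfree_sensitive(): clear the entire object (ksize length), then free; NULL is tolerated. */
static void toy_kfree_sensitive(void *p) {
    size_t ks = toy_ksize(p);
    if (ks) toy_memzero_explicit(p, ks);
    toy_kfree(p);
}

struct key_attr { unsigned char key[24]; };   /* 24 bytes -> 32-byte slab object */

enum free_mode { FREE_PLAIN, FREE_ZERO_STRUCT, FREE_SENSITIVE };

/* Returns how many of the 32 bytes of the slab object still hold the constructed
 * key material (0xAB) after the key struct is freed with the given strategy. */
size_t residue_after_free(enum free_mode mode) {
    toy_reset();
    /* Earlier life of this slab object: a full 32-byte secret, freed plainly. */
    unsigned char *old = toy_kmalloc(GRANULE);
    memset(old, 0xAB, GRANULE);
    toy_kfree(old);

    toy_reset();
    /* The same memory is reused for the smaller key struct; its 8 slack bytes keep stale data. */
    struct key_attr *ka = toy_kmalloc(sizeof(*ka));
    memset(ka->key, 0xAB, sizeof(ka->key));
    unsigned char *raw = (unsigned char *)ka;

    switch (mode) {
    case FREE_PLAIN:
        toy_kfree(ka);
        break;
    case FREE_ZERO_STRUCT:                 /* pre-patch pattern: memzero_explicit(sizeof) + kfree */
        toy_memzero_explicit(ka, sizeof(*ka));
        toy_kfree(ka);
        break;
    case FREE_SENSITIVE:                   /* post-patch pattern: kfree_sensitive */
        toy_kfree_sensitive(ka);
        break;
    }

    size_t leaked = 0;
    for (size_t i = 0; i < GRANULE; i++)
        if (raw[i] == 0xAB) leaked++;
    return leaked;
}

int main(void) {
    printf("plain free:                   %zu bytes of key material remain\n", residue_after_free(FREE_PLAIN));
    printf("memzero_explicit(sizeof)+free: %zu bytes remain (slack of the size class)\n", residue_after_free(FREE_ZERO_STRUCT));
    printf("kfree_sensitive-style free:    %zu bytes remain\n", residue_after_free(FREE_SENSITIVE));
    return 0;
}
```

The slack-byte case is why the helper is preferable to a hand-written pair even when the pair is correct: the caller only knows the size it asked for, while the allocator knows the size it actually handed out, and the real kfree_sensitive() uses that larger figure. In the kernel, kvfree_sensitive() is the equivalent for memory that may have come from vmalloc().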
Original References

You can refer to the following links for more information about this vulnerability and the patch applied to fix it:

- Linux kernel mailing list discussion
- Coccinelle project homepage
- Linux kernel source code repository

Conclusion

The Linux kernel vulnerability (CVE-2024-42158) affecting the s390/pkey subsystem has been identified and resolved by using kfree_sensitive() instead of the previous method. This change effectively mitigates the risk of an attacker exploiting this vulnerability to gain unauthorized access to sensitive memory data.

Timeline

Published on: 07/30/2024 08:15:07 UTC
Last modified on: 08/02/2024 14:31:04 UTC