A vulnerability in the Linux kernel, specifically affecting systems using the LoongArch architecture, has been identified and resolved. The bug could crash the kernel when the stack_top() function is invoked for a task that has no vDSO mapped, such as a kthread. This article discusses the details of the vulnerability, its potential impact, and the solution implemented to resolve it.

Introduction

In the Linux kernel, a recent vulnerability has been identified as CVE-2024-50133, which impacts systems using the LoongArch architecture. This vulnerability occurs when the stack_top() function is called for tasks without a vDSO mapped, potentially causing a system crash. For example, this scenario can occur when using kunit, as the kernel stack trace below shows:

[<9000000000203874>] stack_top+0x58/0xa8
[<90000000002956cc>] arch_pick_mmap_layout+0x164/0x220
[<90000000003c284c>] kunit_vm_mmap_init+0x108/0x12c
[<90000000003c1fbc>] __kunit_add_resource+0x38/0x8c
[<90000000003c2704>] kunit_vm_mmap+0x88/0xc8
[<900000000041b14>] usercopy_test_init+0xbc/0x25c
[<90000000003c1db4>] kunit_try_run_case+0x5c/0x184
[<90000000003c3d54>] kunit_generic_run_threadfn_adapter+0x24/0x48
[<900000000022e4bc>] kthread+0xc8/0xd4
[<900000000020ce8>] ret_from_kernel_thread+0xc/0xa4

To provide some background, the vDSO (Virtual Dynamic Shared Object) is a mechanism used in Linux to provide a fast user-space interface for certain system calls. However, not all tasks have a vDSO mapped; kthreads, for example, do not. For such tasks, stack_top() dereferenced the NULL vDSO pointer and crashed.

Exploit Details

The root cause is that stack_top() did not handle tasks without a vDSO mapped. As a result, systems using the LoongArch architecture could crash, amounting to a denial of service, when kunit tests are run.

Solution

The solution to prevent this vulnerability involves a simple check for the presence of a vDSO before calling the stack_top() function. This check ensures that the NULL vDSO pointer is not dereferenced, ultimately preventing the crash. The patch has been committed to the Linux kernel, and users are encouraged to update their systems to include the latest patches and fixes.
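As an added illustration, not the kernel's own code, the following user-space model shows the shape of the layout computation before and after the NULL check. The constants, the struct and field names (stack_top_unchecked, stack_top_checked, struct task, vdso, randomize) and the sizes are stand-ins chosen for this example; the real LoongArch values differ.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in constants; the real LoongArch values differ. */
#define PAGE_SIZE           0x4000UL               /* 16 KiB pages */
#define PAGE_MASK           (~(PAGE_SIZE - 1))
#define PAGE_ALIGN(x)       (((x) + PAGE_SIZE - 1) & PAGE_MASK)
#define TASK_SIZE           0x0000400000000000UL   /* hypothetical user address ceiling */
#define VVAR_SIZE           PAGE_SIZE              /* hypothetical vDSO data page */
#define VDSO_RANDOMIZE_SIZE (1UL << 20)            /* hypothetical randomisation window */

/* Minimal model of the per-task state the stack-top computation consults. */
struct vdso_info { unsigned long size; };
struct task {
    const struct vdso_info *vdso;   /* NULL for a kthread: no vDSO mapped */
    int randomize;                  /* stands in for the PF_RANDOMIZE flag */
};

/* Pre-fix shape: unconditionally dereferences t->vdso, so a task without
 * a vDSO (vdso == NULL) faults inside the function. */
unsigned long stack_top_unchecked(const struct task *t)
{
    unsigned long top = TASK_SIZE & PAGE_MASK;
    top -= PAGE_ALIGN(t->vdso->size);   /* NULL dereference when no vDSO */
    top -= VVAR_SIZE;
    if (t->randomize)
        top -= VDSO_RANDOMIZE_SIZE;
    return top;
}

/* Fixed shape: only reserve vDSO space when a vDSO is actually mapped,
 * so a kthread simply gets the unadjusted top of the address space. */
unsigned long stack_top_checked(const struct task *t)
{
    unsigned long top = TASK_SIZE & PAGE_MASK;
    if (t->vdso) {
        top -= PAGE_ALIGN(t->vdso->size);
        top -= VVAR_SIZE;
        if (t->randomize)
            top -= VDSO_RANDOMIZE_SIZE;
    }
    return top;
}

int main(void)
{
    static const struct vdso_info vdso = { .size = 0x2000 };
    struct task user = { .vdso = &vdso, .randomize = 1 };
    struct task kthread = { .vdso = NULL, .randomize = 0 };
    printf("user task stack top: %#lx\n", stack_top_checked(&user));
    printf("kthread stack top:   %#lx\n", stack_top_checked(&kthread));
    /* stack_top_unchecked(&kthread) would segfault here, as the kernel did. */
    return 0;
}
```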

Conclusion

The CVE-2024-50133 vulnerability in the Linux kernel, impacting systems using the LoongArch architecture, has been successfully resolved. By checking for the presence of a vDSO before calling the stack_top() function, the risk of a crash due to a NULL vDSO pointer dereference is mitigated. It is essential for system administrators and users to keep their systems up-to-date, ensuring that patches and fixes are applied to maintain the security and stability of their environment.

Timeline

Published on: 11/05/2024 18:15:16 UTC
Last modified on: 11/07/2024 21:17:35 UTC