In the Linux kernel, the following vulnerability has been resolved:
ima: verify the previous kernel's IMA buffer lies in addressable RAM
Patch series "Address page fault in ima_restore_measurement_list()", v3.
When the second-stage kernel is booted via kexec with a limiting command
line such as "mem=<size>" we observe a pafe fault that happens.
BUG: unable to handle page fault for address: ffff97793ff47000
RIP: ima_restore_measurement_list+0xdc/0x45a
#PF: error_code(0x0000) not-present page
This happens on x86_64 only, as this is already fixed in aarch64 in
commit: cbf9c4b9617b ("of: check previous kernel's ima-kexec-buffer
against memory bounds")
This patch (of 3):
When the second-stage kernel is booted with a limiting command line (e.g.
"mem=<size>"), the IMA measurement buffer handed over from the previous
kernel may fall outside the addressable RAM of the new kernel. Accessing
such a buffer can fault during early restore.
Introduce a small generic helper, ima_validate_range(), which verifies
that a physical [start, end] range for the previous-kernel IMA buffer lies
within addressable memory:
- On x86, use pfn_range_is_mapped().
- On OF based architectures, use page_is_ram().
A Linux kernel vulnerability in IMA (Integrity Measurement Architecture) causes page faults when the second-stage kernel is booted via kexec with memory limitations. The issue occurs because the IMA measurement buffer from the previous kernel may fall outside the addressable RAM of the new kernel.
يحدث هذا الخلل عندما يتم إقلاع النواة الثانية عبر kexec مع معاملات سطر أوامر تحد من الذاكرة المتاحة. مخزن مؤقت قياس IMA المنقول من النواة السابقة قد يقع خارج نطاق الذاكرة القابلة للعنونة في النواة الجديدة، مما يسبب خطأ صفحة.
A Linux kernel vulnerability in IMA causes page faults during kexec boot with memory constraints, where the IMA measurement buffer from the previous kernel becomes inaccessible. This affects x86_64 systems that use memory-limited boot parameters.
Update the Linux kernel to the patched version that includes proper verification of the previous kernel's IMA buffer address space bounds before attempting to access it. Ensure kexec operations validate memory boundaries when using limiting command line parameters like 'mem=<size>'.
قم بتحديث نواة لينكس إلى الإصدار الذي يتضمن التحقق الصحيح من حدود مساحة عنوان مخزن مؤقت IMA للنواة السابقة قبل محاولة الوصول إليه. تأكد من أن عمليات kexec تتحقق من حدود الذاكرة عند استخدام معاملات سطر الأوامر المقيدة مثل 'mem=<size>'.