Fei Yang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the x86/alternatives component of the Linux kernel, where KASAN (Kernel Address Sanitizer) triggers during apply alternatives() on a 5-level paging machine, causing an out-of-bounds read in rcu is watching(). This occurs because KASAN gets confused when apply alternatives() patches the KASAN SHADOW START users. A test patch that makes KASAN SHADOW START static works around the issue. The problem is fixed by disabling KASAN while the kernel is patching alternatives. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.