Maxime Bizon

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty **Description** The vulnerability is related to the powerpc/fixmap component of the Linux kernel. It is caused by the function `map kernel page()` being called a second time for the same page, which it does not handle correctly. This can lead to a warning and potentially cause issues with the system. The vulnerability is resolved by implementing the `unmap kernel page()` function, which clears an existing page table entry. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the powerpc/fixmap component. Specifically, versions after 5.16.0-rc3-s3k-dev-01993-g350ff07feb7d-dirty should include the necessary changes. If updating is not immediately possible, consider implementing workarounds such as avoiding the use of the `map kernel page()` function for the same page multiple times, or temporarily disabling the ` set fixmap()` function until a patch is available. However, these workarounds may have unintended consequences and should be approached with caution. Note: The provided information does not specify the exact version where the fix is included, so it's recommended to update to the latest available version of the Linux kernel to ensure the vulnerability is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15.0+ **Description** A spinlock recursion issue has been identified in the Linux kernel, specifically in the powerpc/set memory module. The problem arises from the use of spin lock() in the change page attr() function, which can lead to recursion. This issue was reported by Maxime and is associated with a BUG message indicating spinlock recursion on CPU#0. The error occurs when the kernel attempts to perform a three-step operation safely against concurrent access. To resolve this issue, the read/modify/write sequence needs to be removed to make the operation atomic, and the spin lock() in change page attr() must be removed. **Recommendations** For Linux kernel versions prior to 5.15.0+, remove the spin lock() in the change page attr() function and modify the operation to be atomic by comparing the PAGE KERNEL {RO/ROX/RW/RWX} set of flags to determine which bits are set or cleared. As a temporary workaround, consider disabling the change page attr() function until a patch is available.