Qiao Ma

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc3+ Description: The issue is related to the uprobe functionality in the Linux kernel, which can lead to out-of-bounds memory access when fetching arguments. This occurs because the percpu buffer used by uprobe has a limited size, typically a page size, and the store trace args() function does not check if the data exceeds this size. As a result, large user-space strings or arrays can cause out-of-bounds memory access. The problem can be reproduced by building the kernel with CONFIG KASAN enabled, compiling a specific test program, and configuring uprobe with a particular offset. When the test program is run, the kernel's KASAN (Kernel Address Sanitizer) reports an error. Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix, which enforces the buffer's maxlen to be less than a page size to avoid store trace args() out-of-memory access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.