PT-2024-11069 · Linux · Linux Kernel
Published: 2021-04-26 · Updated: 2024-11-01 · CVE-2021-46957
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 5.12.0
Description
The vulnerability occurs when the sys_read function is traced by kprobe, leading to a kernel panic. The execution of sys_read hits a BUG_ON() in __find_get_block after installing kprobe at sys_read. A simple reproducer involves installing a kprobe at the entry of sys_read and enabling it, then triggering the bug by reading from a file. The bug is caused by the kernel's handling of instruction page faults when single-stepping through the sys_read function.
Recommendations
To resolve the issue, update the Linux kernel to a version that includes the fix for the riscv/kprobe vulnerability. If the kernel version is prior to 5.12.0, update to version 5.12.0 or later to mitigate the vulnerability. For Linux kernel version 5.12.0, ensure that the kernel is updated to a version that includes the patch for this issue.
Fix
RCE
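An added triage script for the recommendation above (not part of the advisory): it reports whether a host is RISC-V, runs a kernel below 5.12.0, and has any kprobes registered. The function names, verdict words and the reliance on the upstream version number alone are assumptions of this example; vendor kernels may carry a backported fix.

```shell
#!/bin/sh
# Added example: exposure triage for CVE-2021-46957 (not from the advisory).
# Assumption: "affected" means a RISC-V machine running a kernel below 5.12.0,
# as stated on this page. A low version number on a vendor kernel is a prompt
# to check its changelog for a backport, not proof of exposure.

# version_lt_5_12 RELEASE: returns 0 if below 5.12, 1 if not, 2 if unparseable.
version_lt_5_12() {
    rel=${1%%[!0-9.]*}                 # "5.10.0-8-riscv64" -> "5.10.0"
    case $rel in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -lt 5 ] && return 0
    [ "$major" -eq 5 ] && [ "$minor" -lt 12 ] && return 0
    return 1
}

# Count registered probes. debugfs lists every kprobe; tracefs lists those
# created through kprobe_events. Both normally need root to read.
active_kprobes() {
    n=0
    for f in /sys/kernel/debug/kprobes/list /sys/kernel/tracing/kprobe_events; do
        n=$((n + $(cat "$f" 2>/dev/null | wc -l)))
    done
    echo "$n"
}

# classify ARCH RELEASE KPROBE_COUNT: prints one verdict word.
classify() {
    case $1 in riscv*) ;; *) echo not-riscv; return 0 ;; esac
    rc=0; version_lt_5_12 "$2" || rc=$?
    case $rc in
        2) echo unknown-version ;;
        1) echo at-or-above-5.12 ;;
        0) if [ "${3:-0}" -gt 0 ]; then echo affected-kprobes-active
           else echo affected-no-kprobes; fi ;;
    esac
}

classify "$(uname -m)" "$(uname -r)" "$(active_kprobes)"
```

A verdict of affected-kprobes-active means the panic condition described above can be reached by ordinary file reads if one of the registered probes sits on sys_read; run the script as root so the probe lists are readable.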
Weakness Enumeration
Related Identifiers
Affected Products
Linux Kernel