CVE-2023-52761

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc2-00001-g328a1f96f7b9 #34

Description The issue is related to the Linux kernel's VMAP STACK overflow detection. When an overflow is detected, the CPU switches to a shadow stack temporarily before switching to a per-cpu overflow stack. However, if two CPUs are racing and end up in an overflowing kernel stack, they may corrupt each other's state because shadow stack is not per-cpu. This vulnerability can cause a kernel panic due to a stack overflow.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the patch for this vulnerability. Specifically, update to a version later than 6.1.0-rc2-00001-g328a1f96f7b9 #34. As a temporary workaround, consider disabling the CONFIG VMAP STACK configuration option to prevent the use of shadow stack until a patch is available. However, this may have performance implications and should be carefully evaluated before implementation.