PT-2024-1998 · Linux · Linux Kernel
Konstantin Bogomolov · Published 2024-01-30 · Updated 2025-09-29
CVE-2024-26603
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is in the Linux kernel's x86 FPU signal-frame handling, specifically in restoring the XSAVE buffer from a user-space sigreturn frame. Before the fix, the expected size of the user-space buffer was taken from fx_sw->xstate_size, a field that user space controls. A process can therefore construct a sigreturn frame in which fx_sw->xstate_size is smaller than the size required by the feature bits set in fx_sw->xfeatures, and then unmap part of the sigframe FPU buffer so that not all of the memory XRSTOR needs is accessible.

When the kernel executes XRSTOR on such a frame, the instruction touches the unmapped area and faults. The kernel's recovery path calls fault_in_readable() on the user buffer and retries, but fault_in_readable() is given the user-supplied size, and buf + fx_sw->xstate_size still lies within the mapped area, so it succeeds. XRSTOR is retried, faults again, and the kernel spins in this loop forever: a local denial of service.

The fix faults in the maximum size that XRSTOR can touch, taken from fpstate->user_size, instead of trusting the size field in the frame.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Infinite Loop (local denial of service): a local process with ordinary privileges can make the kernel spin forever in the XRSTOR retry path. The CVSS vector above records availability impact only (C:N/I:N/A:H), so this is not remote code execution.
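To make the mechanism concrete, here is an added user-space model of the retry loop (example code written for this page, not the kernel's code and not an exploit for a real system). It simulates a four-page FPU buffer, assumes a hypothetical XSAVE layout of one feature bit per page, and uses stand-ins for XRSTOR and fault_in_readable(). Page size, the layout, the retry bound and the function names are all assumptions for the demo; only the control flow mirrors what the description says the kernel does before and after the fix.

```c
/* Added illustration (not kernel code): model of the XRSTOR retry loop.
 * Page size, per-feature layout and address space are made up for the demo. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096
#define NPAGES    4                            /* simulated sigframe FPU buffer */
#define FPSTATE_USER_SIZE (NPAGES * PAGE_SIZE) /* stand-in for fpstate->user_size */
#define MAX_RETRIES 1000                       /* demo bound; the kernel has none */

/* Simulated address space: one "mapped" flag per page of the FPU buffer. */
static bool page_mapped[NPAGES];

static void map_all(void) { memset(page_mapped, 1, sizeof page_mapped); }
static void unmap_page(size_t i) { page_mapped[i] = false; }

/* True iff every byte of the first `len` bytes of the buffer is mapped. */
static bool range_readable(size_t len)
{
    if (len == 0)
        return true;
    size_t last = (len - 1) / PAGE_SIZE;
    if (last >= NPAGES)
        return false;
    for (size_t p = 0; p <= last; p++)
        if (!page_mapped[p])
            return false;
    return true;
}

/* Hypothetical XSAVE layout: feature bit i lives in page i. How much XRSTOR
 * touches is fixed by the feature bits, not by the size field in the frame. */
static size_t xrstor_footprint(uint64_t xfeatures)
{
    size_t size = 0;
    for (size_t i = 0; i < NPAGES; i++)
        if (xfeatures & (1ULL << i))
            size = (i + 1) * PAGE_SIZE;
    return size;
}

/* XRSTOR with page faults disabled: reports a fault instead of paging in. */
static int xrstor_sim(uint64_t xfeatures)
{
    return range_readable(xrstor_footprint(xfeatures)) ? 0 : -EFAULT;
}

/* fault_in_readable(buf, size): succeeds iff the first `size` bytes are mapped. */
static int fault_in_readable_sim(size_t size)
{
    return range_readable(size) ? 0 : -EFAULT;
}

/* The retry loop. fault_in_size is what reaches fault_in_readable(): the
 * vulnerable code passes the user-controlled fx_sw->xstate_size, the fixed
 * code passes fpstate->user_size. Returns 0 on success, -EFAULT when the
 * buffer really is unreachable, -1 if MAX_RETRIES is hit (the hang). */
static int restore_fpregs_sim(uint64_t xfeatures, size_t fault_in_size, int *iters)
{
    for (*iters = 0; *iters < MAX_RETRIES; (*iters)++) {
        if (xrstor_sim(xfeatures) == 0)
            return 0;
        /* XRSTOR faulted: fault the buffer in and retry, as the kernel does. */
        if (fault_in_readable_sim(fault_in_size) != 0)
            return -EFAULT;
    }
    return -1;
}

/* The frame the advisory describes: all feature bits set (XRSTOR needs every
 * page), xstate_size claiming only one page, and the last page unmapped. */
static void build_hostile_frame(uint64_t *xfeatures, size_t *xstate_size)
{
    map_all();
    unmap_page(NPAGES - 1);
    *xfeatures = (1ULL << NPAGES) - 1;
    *xstate_size = PAGE_SIZE;   /* attacker-controlled fx_sw->xstate_size */
}

/* Before the fix: the size comes from the frame, so the loop never exits. */
int restore_vulnerable(int *iters)
{
    uint64_t xf; size_t xstate_size;
    build_hostile_frame(&xf, &xstate_size);
    return restore_fpregs_sim(xf, xstate_size, iters);
}

/* After the fix: the size comes from fpstate->user_size, so the unmapped page
 * is seen on the first pass and sigreturn fails with -EFAULT. */
int restore_fixed(int *iters)
{
    uint64_t xf; size_t xstate_size;
    build_hostile_frame(&xf, &xstate_size);
    (void)xstate_size;          /* deliberately ignored by the fixed code */
    return restore_fpregs_sim(xf, FPSTATE_USER_SIZE, iters);
}

/* A well-formed frame (everything mapped) restores on the first try. */
int restore_benign(int *iters)
{
    map_all();
    return restore_fpregs_sim((1ULL << NPAGES) - 1, FPSTATE_USER_SIZE, iters);
}

int main(void)
{
    int it;
    int v = restore_vulnerable(&it);
    printf("vulnerable: ret=%d after %d retries%s\n", v, it, v == -1 ? " (would spin forever)" : "");
    int f = restore_fixed(&it);
    printf("fixed:      ret=%d after %d retries\n", f, it);
    int b = restore_benign(&it);
    printf("benign:     ret=%d after %d retries\n", b, it);
    return 0;
}
```

Build with `cc -std=c99 -Wall demo.c`. The vulnerable path only stops because the demo imposes MAX_RETRIES; the real kernel keeps retrying. The fixed path returns -EFAULT on its first pass because fault_in_readable() is asked for the full fpstate->user_size and therefore notices the unmapped page, which is exactly the difference the fix introduces.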
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Linux Kernel
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu