PT-2024-26766 · Linux+2 · Linux Kernel+2

Charlie Jenkins +1 · Published 2024-04-03 · Updated 2024-07-26 · CVE-2024-35873

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue arises when a userland application is executing vector code and receives a signal. Upon returning from the signal handler using the rt_sigreturn() syscall, the live vector state is discarded, and the live state is marked as "dirty". The rt_sigreturn() syscall then restores the vstate, except for the Vector registers, from the sigcontext. However, when the vectorized user_from_copy() is used to restore the Vector registers, the dirty live state from the discard is saved to the vstate, making it corrupt. This results in the application crashing due to the corrupted vstate. The vectorized user_from_copy() is invoked depending on the value of CONFIG_RISCV_ISA_V_UCOPY_THRESHOLD, with a default value of 768, meaning vlen must be larger than 128b for this bug to trigger.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Weakness Enumeration

Related Identifiers

BDU:2026-03503
CVE-2024-35873
USN-6893-1
USN-6893-2
USN-6893-3
USN-6918-1

Affected Products

Linuxmint
Linux Kernel
Ubuntu