CVE-2022-50579

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc6-00151-gcd722513a189-dirty #22

Description The Linux kernel contains a flaw in the arm64 ftrace subsystem related to module PLTs and mcount-based ftrace. A commit introduced a change that caused issues when modules are loaded at a sufficient distance from the kernel, leading to the creation of out-of-range PLTs. This impacts mcount call sites, where ftrace make nop() incorrectly assumes initialization to the ftrace trampoline PLT, and ftrace find callable addr() rejects other cases. Consequently, when ftrace attempts to initialize a call site, it fails to locate the mcount stub, resulting in a kernel panic. The issue is triggered when loading an out-of-tree module.

Recommendations Apply the fix by reverting to the previous behavior of ignoring the old instruction when initializing an mcount callsite in a module. This was the behavior prior to commit a6253579977e4c6f.