In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then va = block + k_cur - k_start is less than block, the addr va is invalid, because the memory address space from va to block is not alloced by memblock_alloc, which will not be reserved by memblock_reserve later, it will be used by other places. As a result, memory overwriting occurs. for example: int __init __weak kasan_init_region(void start, size_t size) { [...] / if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) / block = memblock_alloc(k_end - k_start, PAGE_SIZE); [...] for (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) { / at the begin of for loop * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400) * va(dcd96c00) is less than block(dcd97000), va is invalid */ void *va = block + k_cur - k_start; [...] } [...] } Therefore, page alignment is performed on k_start before memblock_alloc() to ensure the validity of the VA address.
6.11.0-8.86.5.0-9.96.6.0-14.146.8.0-11.116.8.0-20.204.13.0-16.195.13.0-19.195.15.0-100.1105.15.0-101.1115.15.0-102.1125.15.0-105.1155.15.0-17.175.15.0-18.185.15.0-22.225.15.0-23.235.15.0-25.25+40 more5.15.0-106.1164.2.0-16.194.2.0-17.214.2.0-19.234.3.0-1.104.3.0-2.114.3.0-5.164.3.0-6.174.3.0-7.184.4.0-2.165.3.0-18.195.3.0-24.265.4.0-100.1135.4.0-104.1185.4.0-105.1195.4.0-107.1215.4.0-109.1235.4.0-110.1245.4.0-113.1275.4.0-117.132+89 more5.4.0-186.2063.11.0-12.195.19.0-1007.7~22.04.15.19.0-1009.9~22.04.15.19.0-1010.10~22.04.15.19.0-1011.11~22.04.15.19.0-1012.12~22.04.15.19.0-1013.13~22.04.15.19.0-1014.14~22.04.15.19.0-1015.15~22.04.14.4.0-1001.104.4.0-1002.2Exploitability
AV:LAC:LPR:HUI:NScope
S:UImpact
C:NI:NA:HCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H