CVE-2022-50159

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
18/06/2025
Last modified:
18/06/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

of: check previous kernel's ima-kexec-buffer against memory bounds

Presently ima_get_kexec_buffer() doesn't check if the previous kernel's ima-kexec-buffer lies outside the addressable memory range. This can result in a kernel panic if the new kernel is booted with 'mem=X' arg and the ima-kexec-buffer was allocated beyond that range by the previous kernel. The panic is usually of the form below:

$ sudo kexec --initrd initrd vmlinux --append='mem=16G'

BUG: Unable to handle kernel data access on read at 0xc000c01fff7f0000
Faulting instruction address: 0xc000000000837974
Oops: Kernel access of bad area, sig: 11 [#1]

NIP [c000000000837974] ima_restore_measurement_list+0x94/0x6c0
LR [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160
Call Trace:
[c00000000371fa80] [c00000000083b55c] ima_load_kexec_buffer+0xac/0x160
[c00000000371fb00] [c0000000020512c4] ima_init+0x80/0x108
[c00000000371fb70] [c0000000020514dc] init_ima+0x4c/0x120
[c00000000371fbf0] [c000000000012240] do_one_initcall+0x60/0x2c0
[c00000000371fcc0] [c000000002004ad0] kernel_init_freeable+0x344/0x3ec
[c00000000371fda0] [c0000000000128a4] kernel_init+0x34/0x1b0
[c00000000371fe10] [c00000000000ce64] ret_from_kernel_thread+0x5c/0x64
Instruction dump:
f92100b8 f92100c0 90e10090 910100a0 4182050c 282a0017 3bc00000 40810330
7c0802a6 fb610198 7c9b2378 f80101d0 2c090001 40820614 e9240010
---[ end trace 0000000000000000 ]---

Fix this issue by checking returned PFN range of previous kernel's ima-kexec-buffer with page_is_ram() to ensure correct memory bounds.
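
The bounds check described above, as a userspace model added here for illustration; it is not the kernel patch. `ram_map`, `model_page_is_ram()`, `check_kexec_buffer()`, the 64 KiB page size, the sample addresses and the returned error codes are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 16 /* assumption: 64 KiB pages */
#define PHYS_PFN(addr) ((uint64_t)(addr) >> PAGE_SHIFT)

/* Constructed memory map: RAM capped at 16 GiB, as with 'mem=16G'. */
struct ram_region { uint64_t start, end; }; /* end is exclusive */
static const struct ram_region ram_map[] = { { 0, 16ULL << 30 } };

/* Hypothetical stand-in for the kernel's page_is_ram(). */
static int model_page_is_ram(uint64_t pfn)
{
    for (size_t i = 0; i < sizeof(ram_map) / sizeof(ram_map[0]); i++)
        if (pfn >= PHYS_PFN(ram_map[i].start) && pfn < PHYS_PFN(ram_map[i].end))
            return 1;
    return 0;
}

/*
 * Hypothetical validator for a buffer address and size handed over by the
 * previous kernel. Both values are untrusted input to the new kernel, so
 * the first and last page of the buffer must be RAM the new kernel can
 * address before anything dereferences it.
 */
int check_kexec_buffer(uint64_t addr, uint64_t size)
{
    uint64_t last;

    if (size == 0)
        return -ENOENT;                /* nothing was carried over */
    if (size - 1 > UINT64_MAX - addr)  /* addr + size - 1 would wrap */
        return -EINVAL;
    last = addr + size - 1;

    if (!model_page_is_ram(PHYS_PFN(addr)) || !model_page_is_ram(PHYS_PFN(last)))
        return -EINVAL;                /* buffer lies beyond usable memory */
    return 0;
}

int main(void)
{
    /* Constructed cases: inside RAM, above the cap, straddling the cap. */
    printf("inside:    %d\n", check_kexec_buffer(1ULL << 30, 0x10000));
    printf("above cap: %d\n", check_kexec_buffer(32ULL << 30, 0x10000));
    printf("straddles: %d\n", check_kexec_buffer((16ULL << 30) - 0x10000, 0x20000));
    return 0;
}
```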

Impact