CVE-2023-52750

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
21/05/2024
Last modified:
25/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer

Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly
byte-swap NOP when compiling for big-endian, and the resulting series of
bytes happened to match the encoding of FNMADD S21, S30, S0, S0.

This went unnoticed until commit:

34f66c4c4d5518c1 ("arm64: Use a positive cpucap for FP/SIMD")

Prior to that commit, the kernel would always enable the use of FPSIMD
early in boot when __cpu_setup() initialized CPACR_EL1, and so usage of
FNMADD within the kernel was not detected, but could result in the
corruption of user or kernel FPSIMD state.

After that commit, the instructions happen to trap during boot prior to
FPSIMD being detected and enabled, e.g.

| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000001fe00000 -- ASIMD
| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1
| Hardware name: linux,dummy-virt (DT)
| pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
| pc : __pi_strcmp+0x1c/0x150
| lr : populate_properties+0xe4/0x254
| sp : ffffd014173d3ad0
| x29: ffffd014173d3af0 x28: fffffbfffddffcb8 x27: 0000000000000000
| x26: 0000000000000058 x25: fffffbfffddfe054 x24: 0000000000000008
| x23: fffffbfffddfe000 x22: fffffbfffddfe000 x21: fffffbfffddfe044
| x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005
| x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000
| x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000
| x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9 : 0000000000000000
| x8 : 0101010101010101 x7 : ffffffffffffffc0 x6 : 0000000000000000
| x5 : 0000000000000000 x4 : 0101010101010101 x3 : 000000000000002a
| x2 : 0000000000000001 x1 : ffffd014171f2988 x0 : fffffbfffddffcb8
| Kernel panic - not syncing: Unhandled exception
| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1
| Hardware name: linux,dummy-virt (DT)
| Call trace:
| dump_backtrace+0xec/0x108
| show_stack+0x18/0x2c
| dump_stack_lvl+0x50/0x68
| dump_stack+0x18/0x24
| panic+0x13c/0x340
| el1t_64_irq_handler+0x0/0x1c
| el1_abort+0x0/0x5c
| el1h_64_sync+0x64/0x68
| __pi_strcmp+0x1c/0x150
| unflatten_dt_nodes+0x1e8/0x2d8
| __unflatten_device_tree+0x5c/0x15c
| unflatten_device_tree+0x38/0x50
| setup_arch+0x164/0x1e0
| start_kernel+0x64/0x38c
| __primary_switched+0xbc/0xc4

Restrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is
either GNU as or LLVM's IAS 15.0.0 and newer, which contains the linked
commit.
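The encoding coincidence described above, worked through as an added example (not code from the kernel or from LLVM): it byte-swaps the A64 NOP word, decodes the result as a floating-point three-source instruction, and counts byte-swapped NOPs in a code buffer. The names `decode_fp3src`, `count_swapped_nops` and `sample_text` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define A64_NOP 0xd503201fu /* architectural encoding of NOP */

struct fp3src { int match; unsigned ftype, o1, o0, rm, ra, rn, rd; };

static uint32_t bswap32(uint32_t w) {
    return (w >> 24) | ((w >> 8) & 0xff00u) | ((w << 8) & 0xff0000u) | (w << 24);
}

/* Decode "floating-point data-processing (3 source)": bits[31:24] = 0x1f,
 * ftype[23:22], o1[21], Rm[20:16], o0[15], Ra[14:10], Rn[9:5], Rd[4:0]. */
static struct fp3src decode_fp3src(uint32_t insn) {
    struct fp3src d = {0};
    d.match = (insn >> 24) == 0x1f;
    d.ftype = (insn >> 22) & 3;  /* 0 = single precision (S registers) */
    d.o1 = (insn >> 21) & 1;
    d.rm = (insn >> 16) & 31;
    d.o0 = (insn >> 15) & 1;
    d.ra = (insn >> 10) & 31;
    d.rn = (insn >> 5) & 31;
    d.rd = insn & 31;
    return d;
}

/* o1:o0 selects the operation within the class. */
static const char *fp3src_name(struct fp3src d) {
    static const char *const names[] = {"FMADD", "FMSUB", "FNMADD", "FNMSUB"};
    return names[(d.o1 << 1) | d.o0];
}

/* A64 instructions are stored little-endian even in a big-endian kernel, so a
 * correct NOP is 1f 20 03 d5 in memory; d5 03 20 1f is the byte-swapped one. */
static size_t count_swapped_nops(const uint8_t *text, size_t len) {
    static const uint8_t bad[4] = {0xd5, 0x03, 0x20, 0x1f};
    size_t hits = 0;
    for (size_t i = 0; i + 4 <= len; i += 4)
        if (memcmp(text + i, bad, 4) == 0) hits++;
    return hits;
}

/* Constructed sample: correct NOP, swapped NOP, RET, swapped NOP. */
static const uint8_t sample_text[] = {0x1f, 0x20, 0x03, 0xd5, 0xd5, 0x03, 0x20, 0x1f,
                                      0xc0, 0x03, 0x5f, 0xd6, 0xd5, 0x03, 0x20, 0x1f};
int main(void) {
    struct fp3src d = decode_fp3src(bswap32(A64_NOP));
    printf("%08x -> %s S%u, S%u, S%u, S%u\n", (unsigned)bswap32(A64_NOP),
           fp3src_name(d), d.rd, d.rn, d.rm, d.ra);
    printf("swapped NOPs: %zu\n", count_swapped_nops(sample_text, sizeof sample_text));
    return 0;
}
```

Run over the extracted text section of a big-endian arm64 kernel image, a non-zero count is a reason to check which assembler built it. The same bytes could also be an intended FNMADD, so a hit needs disassembly in context before it is treated as the bug.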

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*                     5.10.202 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.11 (including)  5.15.140 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   5.16 (including)  6.1.64 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.2 (including)   6.5.13 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.6 (including)   6.6.3 (excluding)