CVE-2022-36123: Linux kernel arbitrary code execution flaw
The flaw occurs due to the Linux kernel not clear statically allocated variables in the block starting symbol (.bss) due to a failed early_xen_iret_patch leading to an asm_exc_page_fault, or arbitrary code execution. The issue is an out-of-bounds read to asm page fault. The researcher’s successful exploitation of this bug leads to arbitrary code execution, as tested on Linux kernel mainline v5.18-rc1 through v5.19-rc6.
“An unprivileged local attacker on the host, or guest, may potentially use this flaw to cause a NULL Pointer Dereference, kernel oops or denial of service as this allows virtualized devices connected to the Xen IOMMU via xen_set_restricted_virtio_memory_access to potentially access restricted memory. In addition, if kexec is used, the 2nd kernel .bss may contain uninitialized resources and may not be clear,” read the advisories.
However, CVE-2022-36123 has been patched and merged into the main branch by removing and cleaning up early_xen_iret_patch in the Linux kernel. At present, Linux kernel maintainers have officially issued security patches. It’s recommended that users update Linux servers immediately and apply the patches for other distros as soon as they are available. You make sure that your Linux distro is on Linux kernel 5.18.13, 5.15.56, 5.10.132, 5.4.207, 4.19.253, 4.14.289 or 4.9.324.