A vulnerability was found in Linux kernel when compiled with GCC 9 could cause a vector register corruption on return from a signal handler where the top page of the signal stack had not yet been paged in. This flaw can allow a local attacker with special user privilege (or root) to leak kernel internal information. The content of fpregs_state_valid (or FPU register) may change during preemption and must not be cached. While in current situation FPU data like state/owner is never changed during the lifetime of a task and they remained constant (which is not right). With peferred FPU loading, compiler is no longer allowed to move the load of fpu_fpregs_owner_ctx somewhere else outside of the locked section, with this a task preemption will change its value and stale content will be observed. Reference: https://bugzilla.kernel.org/show_bug.cgi?id=205663 Upstream commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=59c4bd853abcea95eccc167a7d7fd5f1a5f47b98
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1784575]
This is fixed for Fedora with the 5.3.15 stable kernel update.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.