ARMv8 Security Issue: PAN Control Bypass and Kernel Implications

Are you aware that memory access protections baked into the ARMv8 64-bit specification are vulnerable to being bypassed? The Arm team has just recently mitigated the bug, which would allow an attacker to circumvent its “Privileged Access Never” (PAN) controls in the kernel. 

PAN, introduced in 2014, is a meant to prevent privileged access to user data unless explicitly enabled – as a security mechanism against possible software attacks.

A Linux kernelcommit messageon January 6 this year acknowledges the issue and puts in place a stop-gap measure. But one security researcher, “Siguza” says they originally found the flaw in October 2018 and that PAN “was never an issue to get around”.

The link for this article located at Computer Business Review is no longer available.