DEBIAN-CVE-2026-23128

In the Linux kernel, the following vulnerability has been resolved: arm64: Set _nocfi on swsusparchresume() A DABT is reported[1] on an android based system when resume from hiberate. This happens because swsusparchsuspendexit() is marked with SYMCODE() and does not have a CFI hash, but swsusparchresume() will attempt to verify the CFI hash when calling a copy of swsusparchsuspendexit(). Given that there's an existing requirement that the entrypoint to swsusparchsuspendexit() is the first byte of the .hibernateexit.text section, we cannot fix this by marking swsusparchsuspendexit() with SYMFUNC(). The simplest fix for now is to disable the CFI check in swsusparchresume(). Mark swsusparchresume() as __nocfi to disable the CFI check. [1] [ 22.991934][ T1] Unable to handle kernel paging request at virtual address 0000000109170ffc [ 22.991934][ T1] Mem abort info: [ 22.991934][ T1] ESR = 0x0000000096000007 [ 22.991934][ T1] EC = 0x25: DABT (current EL), IL = 32 bits [ 22.991934][ T1] SET = 0, FnV = 0 [ 22.991934][ T1] EA = 0, S1PTW = 0 [ 22.991934][ T1] FSC = 0x07: level 3 translation fault [ 22.991934][ T1] Data abort info: [ 22.991934][ T1] ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 [ 22.991934][ T1] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 22.991934][ T1] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 22.991934][ T1] [0000000109170ffc] user address but activemm is swapper [ 22.991934][ T1] Internal error: Oops: 0000000096000007 [#1] PREEMPT SMP [ 22.991934][ T1] Dumping ftrace buffer: [ 22.991934][ T1] (ftrace buffer empty) [ 22.991934][ T1] Modules linked in: [ 22.991934][ T1] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.6.98-android15-8-g0b1d2aee7fc3-dirty-4k #1 688c7060a825a3ac418fe53881730b355915a419 [ 22.991934][ T1] Hardware name: Unisoc UMS9360-base Board (DT) [ 22.991934][ T1] pstate: 804000c5 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 22.991934][ T1] pc : swsusparchresume+0x2ac/0x344 [ 22.991934][ T1] lr : swsusparchresume+0x294/0x344 [ 22.991934][ T1] sp : ffffffc08006b960 [ 22.991934][ T1] x29: ffffffc08006b9c0 x28: 0000000000000000 x27: 0000000000000000 [ 22.991934][ T1] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000820 [ 22.991934][ T1] x23: ffffffd0817e3000 x22: ffffffd0817e3000 x21: 0000000000000000 [ 22.991934][ T1] x20: ffffff8089171000 x19: ffffffd08252c8c8 x18: ffffffc080061058 [ 22.991934][ T1] x17: 00000000529c6ef0 x16: 00000000529c6ef0 x15: 0000000000000004 [ 22.991934][ T1] x14: ffffff8178c88000 x13: 0000000000000006 x12: 0000000000000000 [ 22.991934][ T1] x11: 0000000000000015 x10: 0000000000000001 x9 : ffffffd082533000 [ 22.991934][ T1] x8 : 0000000109171000 x7 : 205b5d3433393139 x6 : 392e32322020205b [ 22.991934][ T1] x5 : 000000010916f000 x4 : 000000008164b000 x3 : ffffff808a4e0530 [ 22.991934][ T1] x2 : ffffffd08058e784 x1 : 0000000082326000 x0 : 000000010a283000 [ 22.991934][ T1] Call trace: [ 22.991934][ T1] swsusparchresume+0x2ac/0x344 [ 22.991934][ T1] hibernationrestore+0x158/0x18c [ 22.991934][ T1] loadimageandrestore+0xb0/0xec [ 22.991934][ T1] softwareresume+0xf4/0x19c [ 22.991934][ T1] softwareresumeinitcall+0x34/0x78 [ 22.991934][ T1] dooneinitcall+0xe8/0x370 [ 22.991934][ T1] doinitcalllevel+0xc8/0x19c [ 22.991934][ T1] doinitcalls+0x70/0xc0 [ 22.991934][ T1] dobasicsetup+0x1c/0x28 [ 22.991934][ T1] kernelinitfreeable+0xe0/0x148 [ 22.991934][ T1] kernelinit+0x20/0x1a8 [ 22.991934][ T1] retfromfork+0x10/0x20 [ 22.991934][ T1] Code: a9400a61 f94013e0 f9438923 f9400a64 (b85fc110) [catalin.marinas@arm.com: commit log updated by Mark Rutland]