Linux Kernel NBD Module Race Condition Vulnerability Leading to NULL Pointer Dereference

A race condition vulnerability has been identified in the Linux kernel's Network Block Device (NBD) module. This issue arises during the concurrent execution of the 'nbd_alloc_config()' function and the removal of the NBD module. The problem occurs because 'try_module_get()' returns false, allowing 'nbd_alloc_config()' to proceed without proper validation. As a result, this race condition can cause a resource leak of 'nbd_config' and related resources, such as 'recv_workq', and trigger a NULL pointer dereference in the 'nbd_read_stat()' function, leading to a kernel oops.

Impact

Exploitation of this vulnerability causes a kernel NULL pointer dereference, resulting in a crash of the NBD module and potential disruption of services relying on it.

Remediation

The vulnerability has been addressed by modifying the 'nbd_alloc_config()' function to check the return value of 'try_module_get()' before proceeding. Users should ensure they are running a patched version of the Linux kernel where this fix has been applied.