Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A deadlock vulnerability has been identified in the Linux kernel's driver core, specifically within the device attachment process. The issue arises in the '__device_attach' function, where the locking mechanism can lead to an 'A-A' deadlock scenario. This occurs when asynchronous probing is allowed, but limitations such as low memory or work capacity prevent the completion of async tasks. As a result, the function falls back to synchronous execution and deadlocks when it re-acquires the device lock while another async operation is pending. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability leads to a deadlock condition, causing the system to hang as processes wait indefinitely for each other to release locks.
The vulnerability has been addressed by modifying the locking logic in the '__device_attach' function. The asynchronous scheduling has been moved outside of the device lock, allowing for concurrent operations without disrupting the attachment process. Users should update to the patched version of the Linux kernel where this fix is applied.
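The locking pattern described above, as a user-space C model added here for illustration; it is not kernel source. The names `dev_lock`, `attach_helper`, `schedule_async`, `attach_before_fix` and `attach_after_fix` are hypothetical, and the model lock reports a second acquisition as -1 where the kernel would hang.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model (assumption): the lock records whether it is held, so a
 * second acquisition is reported as -1 instead of hanging. */
struct dev { bool locked; bool bound; };

static int dev_lock(struct dev *d) {
    if (d->locked) return -1;   /* A-A: in the kernel this would block forever */
    d->locked = true;
    return 0;
}
static void dev_unlock(struct dev *d) { d->locked = false; }
/* Async probe helper: takes the device lock itself, then binds. */
static int attach_helper(struct dev *d) {
    if (dev_lock(d) != 0) return -1;
    d->bound = true;
    dev_unlock(d);
    return 0;
}

/* Async scheduling model: if the work cannot be queued (low memory, work
 * limit), the helper runs synchronously in the caller's context. */
static int schedule_async(struct dev *d, bool can_queue) {
    if (can_queue) return 0;    /* queued; the later worker run is not modelled */
    return attach_helper(d);
}

/* Before the fix: scheduling happens while the device lock is held. */
static int attach_before_fix(struct dev *d, bool can_queue) {
    dev_lock(d);
    int ret = schedule_async(d, can_queue);
    dev_unlock(d);
    return ret;
}

/* After the fix: only the decision is made under the lock. */
static int attach_after_fix(struct dev *d, bool can_queue) {
    dev_lock(d);
    bool want_async = !d->bound;
    dev_unlock(d);
    return want_async ? schedule_async(d, can_queue) : 0;
}

int main(void) {
    struct dev a = {0}, b = {0};
    printf("before fix, queue full: %d\n", attach_before_fix(&a, false));
    printf("after fix,  queue full: %d\n", attach_after_fix(&b, false));
    return 0;
}
```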