Linux Kernel DLM Invalid Read Vulnerability Leading to Out-of-Bounds Access

An invalid read vulnerability has been identified in the Linux kernel's Distributed Lock Manager (DLM) component. This issue arises when a 'plock' operation is unlocked, allocating a 'struct plock_op', which is then appended to a global 'send_list'. In certain scenarios, a subsequent 'dev_read()' moves this operation to 'recv_list', and a 'dev_write()' casts it to 'struct plock_xop', accessing fields exclusive to those structures. This process triggers the invalid read by misappropriating those fields. The vulnerability was revealed by the Kernel Address Sanitizer (KASAN), which reported a slab-out-of-bounds read error. The issue has been addressed by modifying the 'callback' field to reside within 'struct plock_op', signaling that a cast to 'plock_xop' is permissible and facilitating the additional 'plock_xop' handling if required.

Impact

Exploitation of this vulnerability causes an out-of-bounds read, which can lead to undefined behavior, including potential information leaks or memory corruption.