Linux Kernel TTY Port Deadlock Vulnerability

A deadlock vulnerability has been identified in the Linux kernel's handling of TTY ports, specifically in versions prior to 5.4.143. The issue arises when the TTY write function invokes memory allocation, which can trigger a standard print operation to report errors. This sequence can create a circular locking dependency, as one lock acquisition interferes with another, leading to a deadlock. The problem is exacerbated by the introduction of console ownership management in a previous kernel update, which added complexity to console write operations.

Impact

Exploitation of this vulnerability can lead to a deadlock situation, where the system becomes unresponsive due to circular locking dependencies.

Reproduction

The vulnerability can be reproduced by writing data to a TTY port in a way that triggers the TTY write function. This can be done through various means, such as using a serial console or a pseudo-terminal. The key aspect is to generate a scenario where the TTY write operation invokes memory allocation, causing the print function to be called while holding a lock on the TTY port. This creates the circular locking dependency that leads to the deadlock.

Remediation

Users can upgrade to Linux kernel versions 5.4.143 or later, where this vulnerability has been addressed.