Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's KCM (Kernel Connection Multiplexing) implementation has been addressed. The issue arose from the improper order of operations in the STRP (Stream Control Transmission Protocol) initialization process. Specifically, the function strp_init() was called before checking the user data associated with the connection, leading to unnecessary cancellation of newly initialized work. Additionally, if the user data was already in use by KCM, the STRP state should not have been modified. This vulnerability has been resolved by rearranging the initialization sequence and addressing a related lock dependency warning.
The vulnerability could lead to improper handling of STRP work states, potentially causing synchronization issues or other unintended behavior in the KCM implementation.
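The ordering problem described above, modeled in user-space C as an added example (not the kernel's code and not the actual patch). All struct and function names, and the `-EBUSY` return value, are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: all names here are hypothetical, not kernel symbols. */
struct strp_model { int work_ready, init_calls, cancel_calls; };
struct sock_model { void *user_data; };   /* stands in for the socket's user data */

static void strp_model_init(struct strp_model *p) { p->work_ready = 1; p->init_calls++; }
static void strp_model_done(struct strp_model *p) { p->work_ready = 0; p->cancel_calls++; }

/* Ordering the advisory describes as faulty: init first, ownership check second.
 * The failure path then has to cancel work that was only just initialized. */
int attach_before(struct sock_model *sk, struct strp_model *p)
{
    strp_model_init(p);
    if (sk->user_data) {
        strp_model_done(p);
        return -EBUSY;                    /* error value is an assumption */
    }
    sk->user_data = p;
    return 0;
}

/* Corrected ordering: check ownership first, touch STRP state only on success. */
int attach_after(struct sock_model *sk, struct strp_model *p)
{
    if (sk->user_data)
        return -EBUSY;
    strp_model_init(p);
    sk->user_data = p;
    return 0;
}

/* Attach to a socket that already has an owner; return how many times STRP
 * state was touched (init + cancel), or -1 if the attach did not fail. */
int touches_on_busy_socket(int (*attach)(struct sock_model *, struct strp_model *))
{
    int owner = 0;
    struct sock_model sk = { .user_data = &owner };
    struct strp_model p = { 0 };
    return attach(&sk, &p) == -EBUSY ? p.init_calls + p.cancel_calls : -1;
}

int main(void)
{
    printf("before: %d touches, after: %d touches\n",
           touches_on_busy_socket(attach_before),
           touches_on_busy_socket(attach_after));
    return 0;
}
```

In the model, the faulty ordering touches the state twice on an already-owned socket (one init, one cancel), while the corrected ordering leaves it untouched.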