Linux Kernel Kprobes Disarm Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability in the Linux kernel's kprobes functionality can lead to a denial-of-service condition. The issue arises when a kprobe is disabled, but the system attempts to disarm it, triggering a warning and causing a soft lockup. This problem can be reproduced by disabling a kprobe, re-enabling kprobes without arming the disabled one, and then attempting to disarm it again, which results in an infinite loop and RCU stall.

Impact

Exploitation of this vulnerability causes a soft lockup, where the system becomes unresponsive due to a process being stuck in an infinite loop, preventing normal operations from proceeding.

Reproduction

To reproduce this vulnerability, first disable kprobes by writing '0' to '/sys/kernel/debug/kprobes/enabled'. Then, run 'execsnoop' to disable a kprobe. After confirming the kprobe is disabled, re-enable kprobes by writing '1' to '/sys/kernel/debug/kprobes/enabled'. This action will not arm the previously disabled kprobe. Finally, terminate the 'execsnoop' process, which will trigger the vulnerability by causing the system to attempt to disarm the disabled kprobe, resulting in a warning and an infinite loop that causes a soft lockup.
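The "confirming the kprobe is disabled" step can be done read-only from debugfs. The script below is an added example, not part of the original advisory: it reports when kprobes are globally enabled while a listed probe is still disabled. It assumes the `list` file marks such probes with `[DISABLED]` in its status column, as the kernel's kprobes documentation describes; the sample lines and the symbol name are constructed.

```shell
#!/bin/sh
# Added example: read-only check of the kprobes state through debugfs.
KPROBES_DIR="${KPROBES_DIR:-/sys/kernel/debug/kprobes}"

# Print "type symbol+offset" for every probe whose status has [DISABLED].
# List columns: address, type (k = kprobe, r = kretprobe), symbol+offset, status.
disabled_probes() {
    awk '/\[DISABLED\]/ { print $2, $3 }' "$1"
}

# check_kprobes_state ENABLED_FILE LIST_FILE
# Returns 0 = nothing to report, 1 = globally enabled with a probe still
# disabled (the state reached before the final step of the reproduction),
# 2 = files unreadable (needs root and a mounted debugfs).
check_kprobes_state() {
    if [ ! -r "$1" ] || [ ! -r "$2" ]; then
        echo "cannot read $1 or $2" >&2
        return 2
    fi
    kp_enabled=$(tr -d '[:space:]' < "$1")
    kp_disabled=$(disabled_probes "$2")
    if [ "$kp_enabled" = "1" ] && [ -n "$kp_disabled" ]; then
        echo "kprobes globally enabled, but still disabled:"
        echo "$kp_disabled" | sed 's/^/  /'
        return 1
    fi
    echo "kprobes enabled=$kp_enabled, no mismatch found"
    return 0
}

# Constructed sample (not captured from a real system): one kretprobe armed,
# one kprobe on the same hypothetical symbol left disabled.
write_sample() {
    printf '1\n' > "$1/enabled"
    cat > "$1/list" <<'EOF'
ffffffff81000000  r  example_sys_call+0x0    [FTRACE]
ffffffff81000000  k  example_sys_call+0x0    [DISABLED][FTRACE]
EOF
}

case "${1:-}" in
    --live) check_kprobes_state "$KPROBES_DIR/enabled" "$KPROBES_DIR/list" ;;
    --demo) d=$(mktemp -d) && write_sample "$d" &&
            { check_kprobes_state "$d/enabled" "$d/list"; rc=$?; rm -rf "$d"; exit "$rc"; } ;;
esac
```

A probe can also be disabled on purpose, so a return value of 1 indicates the precondition described above rather than proof that the lockup will occur.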

Added: Jun 18, 2025, 8:22 PM
Updated: Jun 18, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.