Linux Kernel QRTR MHI Channel Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's QRTR (Qualcomm Remote Procedure Call Transport) implementation over the MHI (Mobile High-speed Interface) channel. The vulnerability arises because the MHI channel can generate an event or interrupt immediately after being enabled, which opens two race windows. In the first, the event arrives before the device data has been set and is dropped by the QRTR callback function, so the QRTR namespace never enumerates the services on the device. In the second, the event arrives after the device data has been set but before the QRTR endpoint is registered; the callback then accesses an invalid pointer, since the endpoint has not yet been created, and the kernel panics.

Impact

Exploitation of this vulnerability can lead to a kernel panic, causing a denial of service by crashing the system.

Remediation

The vulnerability has been addressed by changing the QRTR MHI channel handling so that the MHI channel is prepared for transfer (with queueing) only after the QRTR endpoint has been created, closing the window in which an early event could be dropped or dereference an unregistered endpoint.
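The following is an added user-space model of the two probe orderings described above, not the kernel driver's code: the structs, enable_channel() and deliver_event() are constructed stand-ins, and the kernel function names in the comments mark which real probe step each line represents.

```c
/* User-space model of the probe ordering in the advisory, not kernel code. */
#include <stdbool.h>
#include <stddef.h>
enum outcome { DELIVERED = 0, DROPPED = 1, INVALID_EP = 2 };
struct endpoint { bool registered; };     /* stands in for struct qrtr_endpoint */
struct qdev { struct endpoint ep; };      /* stands in for the driver's per-device data */
struct mhi_chan {
    bool enabled;
    struct qdev *drvdata;                 /* what dev_get_drvdata() would return */
    enum outcome last;                    /* outcome of the most recent event */
};

/* Downlink callback, mirroring the two failure modes in the advisory. */
static enum outcome dl_callback(struct mhi_chan *chan)
{
    struct qdev *q = chan->drvdata;
    if (!q)
        return DROPPED;      /* scenario 1: no device data yet, event silently lost */
    if (!q->ep.registered)
        return INVALID_EP;   /* scenario 2: endpoint not created; the real driver would panic */
    return DELIVERED;        /* normal path: post the buffer to the QRTR endpoint */
}
/* deliver_event() stands in for the MHI interrupt, possible any time after enable. */
static void enable_channel(struct mhi_chan *c) { c->enabled = true; }
static void deliver_event(struct mhi_chan *c) { if (c->enabled) c->last = dl_callback(c); }

/* Vulnerable ordering: channel enabled first, endpoint registered last.
 * The flag selects which of the two race windows the event lands in. */
enum outcome probe_vulnerable(bool event_after_set_drvdata)
{
    struct qdev q = { .ep = { .registered = false } };
    struct mhi_chan chan = { .enabled = false, .drvdata = NULL, .last = DELIVERED };
    enable_channel(&chan);               /* mhi_prepare_for_transfer(): channel is live */
    if (!event_after_set_drvdata)
        deliver_event(&chan);            /* before dev_set_drvdata(): DROPPED */
    chan.drvdata = &q;                   /* dev_set_drvdata() */
    if (event_after_set_drvdata)
        deliver_event(&chan);            /* before qrtr_endpoint_register(): INVALID_EP */
    q.ep.registered = true;              /* qrtr_endpoint_register(), too late */
    return chan.last;
}

/* Fixed ordering: device data and endpoint exist before the channel is enabled. */
enum outcome probe_fixed(void)
{
    struct qdev q = { .ep = { .registered = true } };   /* qrtr_endpoint_register() first */
    struct mhi_chan chan = { .enabled = false, .drvdata = &q, .last = DELIVERED };
    enable_channel(&chan);               /* then start the channel */
    deliver_event(&chan);                /* an immediate event is now DELIVERED */
    return chan.last;
}
```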

Added: Jun 18, 2025, 7:12 PM
Updated: Jun 18, 2025, 7:12 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  3.5
remediation     7.7
relevance       0.2
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.