Linux Kernel KCM Data-Race Vulnerability Allowing Lockless Reads

Vulnerability

A data-race vulnerability has been identified in the Linux kernel's Kernel Connection Multiplexor (KCM) module. This issue allows for lockless reading of certain socket state variables, which can lead to inconsistent or unexpected behavior in network communication. The vulnerability was reported by the Kernel Concurrency Sanitizer (KCSAN) and is present in the KCM socket handling code.

Impact

The vulnerability can cause data corruption or unexpected behavior in network communication by allowing lockless reads of socket state variables, potentially leading to race conditions.

Reproduction

The vulnerability can be reproduced by using the KCM module in a way that triggers the KCM socket receive message handling functions. This can be done by sending network traffic that is processed by KCM, while simultaneously invoking the KCM 'free' function to release received messages. The KCSAN tool can be used to detect the resulting data-race condition.
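The pattern behind this kind of KCSAN report, as an added example that is not kernel code and not part of the original advisory: a userspace C model in which a "free" callback reads socket state without the lock, with the concurrent writer simulated by a callback so the outcome is deterministic. The struct, field and function names are hypothetical, and the READ_ONCE/WRITE_ONCE macros are userspace stand-ins for the kernel helpers of the same name.

```c
#include <stdbool.h>

/* Userspace stand-ins for the kernel's READ_ONCE()/WRITE_ONCE(): force
 * exactly one load or store so the compiler cannot tear or repeat it. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Hypothetical model of a socket; field names are illustrative only. */
struct model_sock {
    bool rx_waiting; /* true once the socket sits on the wait list */
    int  list_adds;  /* how many times it was added to that list */
};

typedef void (*interleave_fn)(struct model_sock *);

/* Slow path. In real code the body runs with the lock held, so a check
 * made here is authoritative; recheck=false models code that skips it. */
static bool queue_locked(struct model_sock *s, bool recheck)
{
    if (recheck && s->rx_waiting)
        return false;                 /* someone else already queued it */
    WRITE_ONCE(s->rx_waiting, true);  /* annotated: fast path reads this */
    s->list_adds++;
    return true;
}

/* Simulated second CPU: queues the socket between our read and our lock. */
void other_cpu_queues(struct model_sock *s) { queue_locked(s, true); }

/* Fast path modelled on a "free" callback: one annotated lockless read,
 * used only as a hint, then `other` runs where a real race could land. */
bool model_rfree(struct model_sock *s, interleave_fn other, bool recheck)
{
    if (READ_ONCE(s->rx_waiting))
        return false;                 /* hint: nothing to do, skip lock */
    if (other)
        other(s);                     /* state changes after our read */
    return queue_locked(s, recheck);
}

/* list_adds after one racing free: 1 is correct, 2 is a double add. */
int run_race(bool recheck)
{
    struct model_sock s = { false, 0 };
    model_rfree(&s, other_cpu_queues, recheck);
    return s.list_adds;
}

int main(void) { return run_race(true) == 1 ? 0 : 1; }
```

The annotation only makes the lockless read a single, well-defined load; the value can still be stale, which is why the model treats it as a hint and repeats the check on the locked path.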

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version of the stable Linux kernel where this issue has been addressed.

Added: Sep 15, 2025, 8:18 PM
Updated: Sep 15, 2025, 8:18 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.