Linux Kernel KCM Data-Race Vulnerability Allowing Lockless Reads of RX PSock

Vulnerability

A data race has been identified in the Linux kernel's Kernel Connection Multiplexor (KCM) module. The 'rx_psock' variable can be read locklessly in the 'kcm_rfree()' function, potentially leading to inconsistent or unexpected behavior. The Kernel Concurrency Sanitizer reported the race when 'unreserve_rx_kcm' was called: 'rx_psock' could be read without proper synchronization, creating a risk of data corruption or miscommunication between processes.

Impact

Exploitation of this vulnerability could lead to data corruption or miscommunication between processes using the KCM module, as lockless reads of the 'rx_psock' variable could result in inconsistent state information being exchanged.

Reproduction

The vulnerability can be reproduced by invoking the 'unreserve_rx_kcm' function, which writes to the 'rx_psock' variable, while simultaneously calling 'kcm_rfree()', which reads 'rx_psock' without any locks. This can be achieved by creating a scenario where these two functions are executed concurrently, such as through multithreading or asynchronous processing.

Remediation

The vulnerability has been addressed in the official Linux Git repository. Users should upgrade to the latest version of the Linux kernel to apply the necessary patches.
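
The access pattern described under Reproduction, shown with marked accesses that make an intentionally lockless read well-defined, as an added userspace model in C (not the kernel's code and not the upstream patch). All `model_*` names are hypothetical, and relaxed C11 atomics stand in for the kernel's READ_ONCE()/WRITE_ONCE() annotations.

```c
/* Userspace model only: every model_* name is hypothetical, not a kernel symbol. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

struct model_psock { int id; };
struct model_kcm {
    atomic_flag rx_lock;                    /* stands in for the lock writers hold */
    _Atomic(struct model_psock *) rx_psock; /* written under rx_lock, read without it */
    int ready_calls;                        /* only touched under rx_lock */
};
static void model_lock(struct model_kcm *k) {
    while (atomic_flag_test_and_set_explicit(&k->rx_lock, memory_order_acquire))
        ; /* spin until the flag is released */
}
static void model_unlock(struct model_kcm *k) {
    atomic_flag_clear_explicit(&k->rx_lock, memory_order_release);
}
static void model_kcm_init(struct model_kcm *k) {
    atomic_flag_clear(&k->rx_lock);
    atomic_init(&k->rx_psock, NULL);
    k->ready_calls = 0;
}
/* Writer: marked store under the lock (reserve with p, unreserve with NULL). */
static void model_set_rx_psock(struct model_kcm *k, struct model_psock *p) {
    model_lock(k);
    atomic_store_explicit(&k->rx_psock, p, memory_order_relaxed);
    model_unlock(k);
}
/* Reader: one marked lockless load used only as a hint; the decision that
 * changes state is re-made under the lock, so a stale hint cannot corrupt it. */
static bool model_rfree(struct model_kcm *k) {
    if (atomic_load_explicit(&k->rx_psock, memory_order_relaxed) != NULL)
        return false;                       /* psock reserved: nothing to do */
    model_lock(k);
    bool ready = atomic_load_explicit(&k->rx_psock, memory_order_relaxed) == NULL;
    if (ready)
        k->ready_calls++;
    model_unlock(k);
    return ready;
}
int main(void) {
    struct model_kcm k; struct model_psock p = { 1 };
    model_kcm_init(&k);
    model_set_rx_psock(&k, &p);
    bool while_reserved = model_rfree(&k);  /* hint says reserved */
    model_set_rx_psock(&k, NULL);
    return (!while_reserved && model_rfree(&k)) ? 0 : 1;
}
```

With a plain (unmarked) pointer in place of the atomic, the same reader and writer running concurrently is the kind of access pair a data-race detector reports.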

Added: Sep 15, 2025, 7:40 PM
Updated: Sep 15, 2025, 7:40 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.