Linux Kernel pfmemalloc Status Handling Vulnerability in skb_append_pagefrags()

Vulnerability

A vulnerability has been identified in the Linux kernel's handling of pfmemalloc status within the skb_append_pagefrags() function. This function, which is used by the af_unix and UDP sendpage() implementations, incorrectly senses pfmemalloc status for user-space owned pages. This oversight can lead to a data race, as reported by the Kernel Concurrency Sanitizer (KCSAN), where concurrent tasks can interfere with each other's operations, potentially causing inconsistent or corrupted data states. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a data race condition, where two tasks concurrently read and write shared data, leading to potential data corruption or inconsistent states.

Reproduction

The vulnerability can be reproduced by using the sendfile system call to transfer data through a pipe, with that data then sent over a Unix domain socket. This process can be automated with a syzkaller fuzzing campaign, which will trigger the data race by concurrently executing tasks that read and write pfmemalloc status.

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed.

Added: Sep 15, 2025, 6:32 PM
Updated: Sep 15, 2025, 6:32 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.