Linux Kernel ksmbd RCU Callback Handling Vulnerability in Module Unload Process

Vulnerability

A vulnerability has been identified in the Linux kernel's ksmbd module (the in-kernel SMB3 server), related to how Read-Copy-Update (RCU) callbacks are handled when the module is unloaded. Objects that ksmbd releases through RCU are freed by callbacks that run some time after they are queued, but ksmbd's exit path does not call rcu_barrier(), so the module can be unloaded while such callbacks are still pending. This creates a race between closing a connection, which queues the deferred free, and unloading the module, which releases the module's code and data: if the unload wins, the callback later runs through a pointer into memory that no longer belongs to the module, which can result in execution of unintended kernel code. Note that synchronize_rcu() is not a substitute here; it waits for a grace period, not for queued callbacks to finish, and rcu_barrier() is the primitive that waits for every pending callback to complete. Because unloading a module already requires CAP_SYS_MODULE, the boundary at stake is Kernel Lockdown, whose purpose is to stop even a privileged user from running arbitrary code in the kernel; this behavior can therefore be used to bypass it.

Impact

Exploitation of this vulnerability can cause unauthorized execution of kernel code, potentially leading to a violation of Kernel Lockdown protections. The precondition is the ability to unload the ksmbd module, so the affected boundary is between a privileged local user and the kernel rather than between an unauthenticated network client and the host.

Reproduction

The vulnerability can be reproduced by loading the ksmbd module, having a client establish an SMB connection to it, and then unloading the module without first closing the connection. Closing the connection queues an RCU callback and unloading frees the module; when the unload completes before that callback runs, the callback fires against freed module memory. Since this is a race, the sequence may need to be repeated before the window is hit.
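To make that sequence concrete, the following is an added userspace model written for this page; it is not kernel code and not ksmbd's code. The RCU primitives (call_rcu, synchronize_rcu, rcu_barrier, rcu_do_batch) are small stand-ins that keep only the two properties that matter here, and the connection object, its free callback and the function names are assumptions. It runs the advisory's load, connect, close, unload sequence twice: once with the exit path the advisory describes (no rcu_barrier()) and once with the fixed one.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model of kernel RCU's deferred-callback machinery (assumption:
 * an illustration, not kernel or ksmbd code). Two properties of real RCU are
 * kept: synchronize_rcu() waits for a grace period but not for queued
 * callbacks to run, and callbacks are invoked later from a separate context.
 * rcu_barrier() is the primitive that waits for every queued callback. */

struct rcu_head {
    void (*func)(struct rcu_head *);
};
typedef void (*rcu_cb_t)(struct rcu_head *);

#define MAX_CB 8
static struct rcu_head *cb_queue[MAX_CB];
static size_t cb_count;

/* Addresses currently backed by loaded module text. Unloading frees the text,
 * so a callback pointer left in the RCU queue becomes a dangling code pointer. */
#define MAX_TEXT 8
static rcu_cb_t mapped_text[MAX_TEXT];
static size_t mapped_count;
static int stale_text_calls; /* callbacks invoked after their module was freed */

static void module_map_text(rcu_cb_t fn) { mapped_text[mapped_count++] = fn; }
static void module_unmap_text(void) { mapped_count = 0; }

static bool text_is_mapped(rcu_cb_t fn)
{
    for (size_t i = 0; i < mapped_count; i++)
        if (mapped_text[i] == fn)
            return true;
    return false;
}

/* Queue a deferred callback, as call_rcu() does. */
static void call_rcu(struct rcu_head *head, rcu_cb_t func)
{
    head->func = func;
    cb_queue[cb_count++] = head;
}

/* Waits for current readers to finish. Pending callbacks stay queued. */
static void synchronize_rcu(void) { }

/* The later invocation step (RCU softirq or rcuo kthread in the kernel). A
 * pointer into freed module text would crash or, if the pages were reused,
 * jump into whatever now occupies them; here it is only counted. */
static void rcu_do_batch(void)
{
    for (size_t i = 0; i < cb_count; i++) {
        struct rcu_head *h = cb_queue[i];
        if (!text_is_mapped(h->func)) {
            stale_text_calls++;
            continue;
        }
        h->func(h);
    }
    cb_count = 0;
}

/* Returns only after every callback queued so far has run. */
static void rcu_barrier(void)
{
    synchronize_rcu();
    rcu_do_batch();
}

/* A ksmbd-like connection object released via RCU (assumed shape). */
struct conn {
    struct rcu_head rcu;
    bool freed;
};

static void conn_free_rcu(struct rcu_head *h)
{
    struct conn *c = (struct conn *)((char *)h - offsetof(struct conn, rcu));
    c->freed = true;
}

/* Load, open a connection, close it (queues the deferred free), unload.
 * Returns how many callbacks ran against freed module text. */
static int unload_scenario(bool exit_calls_rcu_barrier)
{
    static struct conn c;

    cb_count = 0; mapped_count = 0; stale_text_calls = 0;
    c.freed = false;

    module_map_text(conn_free_rcu);   /* insmod ksmbd */
    call_rcu(&c.rcu, conn_free_rcu);  /* connection close queues the free */
    if (exit_calls_rcu_barrier)
        rcu_barrier();                /* fixed exit: drain before freeing text */
    else
        synchronize_rcu();            /* a grace period alone is not enough */
    module_unmap_text();              /* rmmod: module text released */
    rcu_do_batch();                   /* the callback fires some time later */
    return stale_text_calls;
}

int main(void)
{
    printf("exit without rcu_barrier(): %d stale callback(s)\n", unload_scenario(false));
    printf("exit with rcu_barrier():    %d stale callback(s)\n", unload_scenario(true));
    return 0;
}
```

Build with `cc -Wall` and run: the first scenario reports one callback that fires after the module text is gone, the second reports none. The unsafe path deliberately calls synchronize_rcu() to show that a grace period alone does not close the window; only rcu_barrier() guarantees that callbacks queued by earlier connection closes have finished before the module's memory is released.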

Remediation

Update to a kernel version that includes the fix, which makes the ksmbd exit path call rcu_barrier() so that all pending RCU callbacks complete before the module's memory is released. Distribution kernels receive this through their normal package updates; for self-built kernels, the kernel's own documentation covers building and installing a newer version. Until the fix is in place, avoid unloading ksmbd on systems that rely on Kernel Lockdown; closing all client connections before rmmod narrows the window but does not remove it, because a queued callback may still be pending.

Added: Aug 16, 2025, 2:26 PM
Updated: Aug 16, 2025, 2:26 PM

Vulnerability Rating

Custom Algorithm

  spread          9.0
  impact          7.5
  exploitability  5.3
  remediation     7.7
  relevance       0.3
  threat          4.8
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.