Linux Kernel Synthetic Events Tracing Last Command Access Race Condition Vulnerability

A race condition vulnerability has been identified in the Linux kernel's synthetic events tracing feature. The issue arises because the 'last_cmd' variable can be accessed asynchronously by multiple processes. This vulnerability can lead to use-after-free or double-free errors, particularly when multiple users manipulate the synthetic_events node simultaneously. The problem has been addressed by introducing a mutex to synchronize access to the 'last_cmd' variable, preventing concurrent processes from interfering with each other.

Impact

Exploitation of this vulnerability can cause double-free or use-after-free errors, as reported by the Kernel Address Sanitizer (KASAN). Such memory management errors can lead to serious consequences, including memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced in a KASAN-enabled environment by running two scripts in separate shells. The first script continuously writes a specific byte pattern to the '/sys/kernel/tracing/synthetic_events' file. The second script does the same with a different byte pattern. This simultaneous access can trigger the race condition, leading to the double-free or use-after-free scenarios.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the updated kernel can be found on the official Linux kernel website.