Linux Kernel SCTP Stream Priorities Reference Count Vulnerability

A vulnerability in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation can lead to a performance issue. The vulnerability arises because the priority management for SCTP streams does not properly account for how many streams are using a given priority. This oversight can cause a nested loop when freeing stream priorities, potentially leading to a 'soft lockup' where a CPU gets stuck for an extended period. The issue has been addressed by adding a reference count to the stream priorities, allowing the system to manage priorities more efficiently and avoid the performance bottleneck.

Impact

The vulnerability could cause a 'soft lockup' situation, where a CPU is stuck for an extended period, disrupting normal processing. This was observed in a reported case where a CPU was stuck for 26 seconds.

Reproduction

The vulnerability can be reproduced by manipulating SCTP stream priorities in a way that triggers the priority management system to traverse all streams. This can be done by setting and freeing priorities in a loop, which will create a nested loop scenario. The 'soft lockup' can be observed as a CPU gets stuck for an extended period, similar to the reported case where 'ksoftirqd' was delayed by 26 seconds.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix can be found in the Linux kernel stable tree.