Linux Kernel General Protection Fault Vulnerability in md Module

A vulnerability in the Linux kernel's md (multiple device) module can lead to a general protection fault. This issue arises because the mddev structure, which is crucial for managing RAID arrays, can be accessed after it has been invalidated, potentially causing a crash. The vulnerability occurs in versions of the Linux kernel that include the problematic handling of the mddev reference, particularly after the export_rdev function is called. The issue can be reproduced with a specific test that manipulates device states at a very low rate, creating a race condition that triggers the fault.

Impact

Exploitation of this vulnerability causes a general protection fault, likely due to a non-canonical address, leading to a crash of the affected process.

Reproduction

The vulnerability can be reproduced by running a test that adds and removes devices from a software RAID array managed by the md subsystem. This test should be executed at a very low rate to create a race condition, which can be done by using a loop that continuously adds and removes devices through the sysfs interface. The test will result in a general protection fault, indicating that the vulnerability has been successfully triggered.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest version can be found on the official Linux kernel website.