Linux Kernel Background Tracker Work Object Memory Management Vulnerability

Vulnerability

A vulnerability in the Linux kernel's device-mapper cache implementation can lead to a kernel BUG due to improper memory management of background tracker work objects. When the background tracker is destroyed, any queued work is not correctly freed, causing objects to remain in the work queue. This issue was introduced in Linux version 6.0.0-rc2 by a commit that altered how kernel memory caches are managed, specifically regarding the deletion of objects without proper synchronization. The vulnerability was discovered using the LVM2 test suite.
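The teardown flaw described above, modelled in userspace C as an added example (not code from the kernel or from this advisory). All struct and function names are hypothetical, and the model assumes the failing state is the tracker's memory cache being torn down while work objects allocated from it are still queued.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model only: every name is hypothetical, not a kernel identifier. */
struct work { struct work *next; };
struct tracker {
    int live;             /* objects currently allocated from the tracker's cache */
    struct work *queued;  /* work that was queued but not yet issued */
};

static int tracker_queue(struct tracker *t) {
    struct work *w = calloc(1, sizeof(*w));
    if (!w)
        return -1;
    t->live++;
    w->next = t->queued;
    t->queued = w;
    return 0;
}

static void tracker_drain(struct tracker *t) { /* free every object still queued */
    while (t->queued) {
        struct work *w = t->queued;
        t->queued = w->next;
        free(w);
        t->live--;
    }
}

/* Returns the live-object count at the point the cache would be destroyed. */
static int tracker_destroy(struct tracker *t, int drain_first) {
    if (drain_first)
        tracker_drain(t);           /* the cleanup the flawed path omits */
    int live_at_destroy = t->live;  /* non-zero is the failing state */
    tracker_drain(t);               /* housekeeping: the model itself leaks nothing */
    free(t);
    return live_at_destroy;
}

static int run_teardown(int n, int drain_first) { /* queue n items, then destroy */
    struct tracker *t = calloc(1, sizeof(*t));
    if (!t)
        return -1;
    while (n-- > 0 && tracker_queue(t) == 0) { }
    return tracker_destroy(t, drain_first);
}

int main(void) {
    printf("live at destroy: no drain=%d, drain first=%d\n",
           run_teardown(3, 0), run_teardown(3, 1));
    return 0;
}
```

A destroy path that is correct by construction returns 0 for any number of queued items, which makes the live count a natural assertion to place immediately before a cache is torn down.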

Impact

Exploitation of this vulnerability can cause a kernel panic, where the system encounters a critical error and stops functioning, potentially leading to a denial of service.

Reproduction

The vulnerability can be reproduced by using the LVM2 test suite, specifically the 'cache-single-split.sh' script, which triggers the incomplete cleanup of the background tracker's work objects.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.

Added: Dec 8, 2025, 2:21 AM
Updated: Dec 8, 2025, 2:21 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.