Linux Kernel Netlink Access Synchronization Vulnerability Allows Data Race Conditions

Vulnerability

A data race vulnerability has been identified in the Linux kernel's netlink implementation. The issue arises because netlink_recvmsg() and netlink_native_seq_show() read the nlk->cb_running field without synchronization against the code that updates it, so a concurrent write can be observed in an inconsistent or torn state. The vulnerability affects the Linux kernel stable tree and has been addressed by changing both readers to use READ_ONCE() and by adding WRITE_ONCE() to the writers in netlink_dump() and __netlink_dump_start(), so that every access to the field is annotated on both sides of the race.

Impact

Triggering this vulnerability produces a data race: concurrent tasks may read and write the shared cb_running field in an unpredictable order, potentially causing erratic behavior in the affected application or in the system as a whole.

Reproduction

The vulnerability can be reproduced by triggering a netlink_dump operation while netlink messages are being received at the same time. One way to do this is to send netlink messages to a socket that is concurrently being monitored through the netlink sequence file; that sequence-file path reads the cb_running field without the necessary locks, creating the data race.
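The following is an added example, not kernel code and not part of the original advisory: it models the dump-versus-receive interplay described above with user-space pthreads, using the same volatile-cast definitions of READ_ONCE()/WRITE_ONCE() that the kernel fix relies on. The struct, the dumper() and wait_for_dump() helpers, and the chunk count of 1000 are assumptions made for the illustration.

```c
/* Added example (not kernel code): a reader polling a "dump running" flag
 * that a concurrent dumper sets and clears, annotated the way the netlink
 * fix annotates nlk->cb_running. Build with: gcc -O2 -pthread race.c */
#include <pthread.h>
#include <stdbool.h>
#include <stddef.h>

/* Same shape as the kernel's definitions: a volatile access forces the
 * compiler to emit exactly one load/store of the field's full width. */
#define READ_ONCE(x)     (*(const volatile __typeof__(x) *)&(x))
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))

/* Hypothetical stand-in for struct netlink_sock. */
struct nlk_sock {
    bool cb_running;   /* true while a dump callback is in flight */
    int  dumped_msgs;  /* chunks produced; only the dumper writes it */
};

/* Stand-in for __netlink_dump_start()/netlink_dump(): flags the dump as
 * running, emits chunks, then clears the flag. WRITE_ONCE() pairs with
 * the reader's READ_ONCE() so the store is neither torn nor elided. */
static void *dumper(void *arg)
{
    struct nlk_sock *nlk = arg;
    WRITE_ONCE(nlk->cb_running, true);
    for (int i = 0; i < 1000; i++)
        nlk->dumped_msgs++;
    WRITE_ONCE(nlk->cb_running, false);
    return NULL;
}

/* Stand-in for the netlink_recvmsg()/seq_show side: poll until the dump is
 * over. The unannotated form `while (nlk->cb_running)` is a data race, and
 * a compiler may legally hoist that plain load out of the loop. */
static int wait_for_dump(struct nlk_sock *nlk)
{
    int polls = 0;
    while (READ_ONCE(nlk->cb_running))
        polls++;
    return polls;
}

/* Runs one dump concurrently with a reader and returns the dumper's chunk
 * count as seen after join (a full dump yields 1000). */
int run_race_free_dump(void)
{
    struct nlk_sock nlk = { .cb_running = true, .dumped_msgs = 0 };
    pthread_t t;
    pthread_create(&t, NULL, dumper, &nlk);
    wait_for_dump(&nlk);
    pthread_join(&t, NULL);
    return nlk.dumped_msgs;
}
```

The flag alone only signals completion; reading dumped_msgs is safe here because pthread_join() orders it after the dumper's writes, which is the same reason the kernel pairs the annotations with its existing locking rather than replacing it.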

Remediation

Users can update to the latest patched version of the Linux kernel to address this vulnerability. The patch is included in the official Linux kernel repositories.

Added: Dec 9, 2025, 9:19 PM
Updated: Dec 9, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  5.3
remediation     7.7
relevance       1.3
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.