Linux Kernel Peer Group ID Cleanup Vulnerability Under Namespace Lock

Vulnerability

A vulnerability exists in the Linux kernel's handling of peer group IDs during cleanup. The namespace lock must be held while peer group IDs are being cleaned up. Otherwise, another thread could concurrently change a mount from shared to non-shared, potentially leading to inconsistencies or errors.

Impact

The vulnerability could cause synchronization issues, allowing concurrent threads to interfere with each other's operations on mount namespaces, which could lead to unexpected behavior or system instability.

Reproduction

The vulnerability can be reproduced by creating a scenario where peer group IDs need to be cleaned up while another thread is allowed to change the mount's propagation state. This can be done by manipulating mount attributes in a way that triggers the cleanup process without holding the necessary namespace lock, creating a race condition.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 24, 2025, 3:05 PM
Updated: Dec 24, 2025, 3:05 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.