Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 5.3, < 5.3.18-150300.59.90
A denial-of-service vulnerability has been identified in the Linux kernel's handling of DNS queries. When the kernel processes a DNS request using the 'dns_query()' function, it can, in rare instances, create a duplicate index key in the associative array of the destination keyring. This duplication is eventually detected by a 'BUG_ON()' check within the associative array implementation, causing a kernel crash. The issue arises when one task makes a DNS query and a second task concurrently queries the same hostname, leading to a conflict in keyring management.
Exploitation of this vulnerability causes a kernel crash, disrupting system operations and potentially leading to a denial-of-service condition.
The vulnerability can be reproduced by initiating two concurrent DNS queries for the same hostname within the Linux kernel. This can be done by using a workqueue to process one query while another is still being resolved, causing a race condition that leads to the duplication of key indices in the keyring's associative array.
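The interleaving described above, replayed deterministically in a single thread as an added toy model; it is not kernel code and not the upstream fix. The `keyring` struct, the function names and the hostname are hypothetical, and the recheck-at-link variant shows the general pattern of checking and inserting inside one critical section, not the actual patch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEYS 8

/* Toy keyring (hypothetical): index keys (hostnames) that must stay unique. */
struct keyring { const char *desc[MAX_KEYS]; int n; };

static bool keyring_has(const struct keyring *kr, const char *d) {
    for (int i = 0; i < kr->n; i++)
        if (strcmp(kr->desc[i], d) == 0) return true;
    return false;
}

/* Count index keys stored more than once (the state the BUG_ON() trips on). */
int count_duplicates(const struct keyring *kr) {
    int dups = 0;
    for (int i = 0; i < kr->n; i++)
        for (int j = i + 1; j < kr->n; j++)
            if (strcmp(kr->desc[i], kr->desc[j]) == 0) dups++;
    return dups;
}

/* Link step. With recheck=true, uniqueness is re-verified at link time, i.e.
 * in the same critical section as the insert (lock elided: single thread). */
static void link_key(struct keyring *kr, const char *d, bool recheck) {
    if (recheck && keyring_has(kr, d)) return;   /* reuse the existing key */
    if (kr->n < MAX_KEYS) kr->desc[kr->n++] = d;
}

/* Replay the interleaving: both tasks search before either one links. */
int replay_two_queries(const char *host, bool recheck) {
    struct keyring kr = { .n = 0 };
    bool a_miss = !keyring_has(&kr, host);     /* task A: search, no key yet */
    bool b_miss = !keyring_has(&kr, host);     /* task B: same search, same miss */
    if (a_miss) link_key(&kr, host, recheck);  /* task A links its new key */
    if (b_miss) link_key(&kr, host, recheck);  /* task B acts on a stale result */
    return count_duplicates(&kr);
}

int main(void) {
    /* "example.test" is a constructed sample hostname. */
    printf("search-then-link: %d duplicate(s)\n", replay_two_queries("example.test", false));
    printf("recheck at link:  %d duplicate(s)\n", replay_two_queries("example.test", true));
    return 0;
}
```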
Users can upgrade to the patched version of the Linux kernel available in the Linux Kernel Stable Git Repository to address this vulnerability.