Linux Kernel Hung Task Denial-of-Service Vulnerability in RCU Scale Writer

A denial-of-service vulnerability has been identified in the Linux kernel's RCU (Read-Copy-Update) subsystem, specifically within the rcuscale module. The issue arises because the rcuscale.holdoff parameter can delay the activation of the rcu_scale_writer kernel thread. If this delay exceeds the system's hung task timeout, the kernel will flag the rcu_scale_writer task as being blocked for too long, potentially disrupting system operations. This vulnerability affects Linux kernel versions prior to 6.4.0-rc1-00134-gb9ed6de8d4ff.

Impact

Exploitation of this vulnerability leads to a hung task timeout, where the rcu_scale_writer task is blocked for an extended period, causing potential disruptions in system performance and responsiveness.

Reproduction

The vulnerability can be reproduced by setting the rcuscale.holdoff parameter to a value greater than the default hung_task_timeout_secs. This can be done by booting the kernel with the rcuscale.holdoff=300 parameter, which delays the start of the rcu_scale_writer thread by 300 seconds. After this period, the hung task timeout will trigger, indicating that the task has been blocked for too long.

Remediation

Users can upgrade to Linux kernel versions 6.4.0-rc1-00134-gb9ed6de8d4ff or later, where this vulnerability has been addressed.