Linux Kernel CIFS Oplock Break Race Condition Vulnerability

Vulnerability

A potential oops (kernel panic) issue has been identified in the CIFS (Common Internet File System) implementation of the Linux kernel. This vulnerability arises from a race condition between deferred close operations and lease breaks. The current checks for sending lease responses can be disrupted by an unmount operation occurring at a critical moment, leading to a situation where the connection state is invalid. The vulnerability has been addressed by reordering the checks to ensure the open file list is empty before sending lease break acknowledgments.

Impact

Exploitation of this vulnerability can lead to a kernel oops, causing a system crash.

Reproduction

The vulnerability can be reproduced by initiating a deferred close operation on a CIFS file handle while simultaneously triggering a lease break. This race condition can cause the CIFS oplock break handling function to access an invalid connection state, leading to a kernel oops.
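For triage, the oops described above can be told apart from unrelated crashes by grouping kernel log lines into oops reports and keeping only those that name the oplock break worker. This is an added example, not code from the advisory or the kernel project. It assumes the worker's symbol is `cifs_oplock_break` and that it runs on the `cifsoplockd` workqueue (neither name is given on this page), and the sample log is constructed.

```python
import re

# Assumption: cifs_oplock_break is the kernel's CIFS oplock/lease break worker;
# the page describes this function but does not name it.
TARGET = re.compile(r"\bcifs_oplock_break\b")
OOPS_START = re.compile(r"BUG: |Oops: |general protection fault")
OOPS_END = re.compile(r"---\[ end trace")
TIMESTAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg "[  12.345678] " prefix

def split_reports(lines):
    """Group kernel log lines into oops reports, one list of lines each."""
    reports, current = [], None
    for raw in lines:
        line = TIMESTAMP.sub("", raw.strip())
        if current is None:
            if not OOPS_START.search(line):
                continue          # ordinary log line outside any report
            current = []
        current.append(line)
        if OOPS_END.search(line):
            reports.append(current)
            current = None
    if current:                   # log cut off before the end-trace marker
        reports.append(current)
    return reports

def oplock_break_oopses(lines):
    """Return only the reports that mention the oplock break worker."""
    return [r for r in split_reports(lines) if any(TARGET.search(l) for l in r)]

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
[  100.000001] CIFS: Attempting to mount //fileserver.example/share
[  512.300000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  512.300010] Oops: 0000 [#1] SMP
[  512.300020] RIP: 0010:example_unrelated_fn+0x1c/0x40
[  512.300030] ---[ end trace 0000000000000000 ]---
[  734.100000] BUG: kernel NULL pointer dereference, address: 0000000000000038
[  734.100010] Oops: 0000 [#2] SMP
[  734.100020] Workqueue: cifsoplockd cifs_oplock_break [cifs]
[  734.100030] Call Trace:
[  734.100040]  process_one_work+0x1c8/0x390
[  734.100050]  worker_thread+0x30/0x360
""".splitlines()

if __name__ == "__main__":
    for report in oplock_break_oopses(SAMPLE_LOG):
        print("\n".join(report), end="\n\n")
```

The second report is kept even though the log ends before its end-trace marker, which is common when the crash itself interrupts logging.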

Remediation

Users can upgrade to the latest stable version of the Linux kernel where this vulnerability has been fixed.

Added: Dec 30, 2025, 2:56 PM
Updated: Dec 30, 2025, 2:56 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.