Linux Kernel KCSAN-Reported Data-Race Vulnerability in BPF LRU List Management

A data-race vulnerability has been identified in the Linux kernel's BPF (Berkeley Packet Filter) LRU (Least Recently Used) list management. This vulnerability affects the node reference handling in the BPF LRU list, leading to potential inconsistencies in reference counting. The issue arises from concurrent access to the node reference, which KCSAN (Kernel Concurrency Sanitizer) reported as a data-race. The vulnerability is present in the Linux kernel stable tree, specifically in versions 6.3.0-rc7 and prior. The root cause of the vulnerability is the lack of proper synchronization when updating the node reference, allowing for concurrent tasks to read and write the reference value simultaneously, which can lead to inconsistent state management.

Impact

Exploitation of this vulnerability can cause data corruption in the BPF LRU list management, where node reference counts may not be accurately maintained. This could disrupt the expected behavior of BPF programs that rely on LRU list management, potentially leading to performance degradation or incorrect program execution.

Reproduction

The vulnerability can be reproduced by using the BPF LRU list management functions in a scenario where multiple CPUs concurrently access and modify the node references without proper synchronization. This can be achieved by running a BPF program that manipulates LRU lists while simultaneously executing another program that accesses the same LRU list, creating a race condition on the node reference updates.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.