Linux Kernel Race Condition Vulnerability in vTPM Proxy Driver

A race condition vulnerability has been identified in the Linux kernel's vTPM proxy driver, specifically in the creation of the /dev/vtpmx device. The issue arises because the /dev/vtpmx device is made visible before the workqueue is initialized, potentially leading to memory corruption in severe cases. This vulnerability affects the Linux kernel stable group.

Impact

The vulnerability can cause a race condition that may lead to memory corruption.

Reproduction

The vulnerability can be reproduced by loading the vTPM proxy driver, which will create the /dev/vtpmx device. The device will be exposed before the necessary workqueue is fully initialized, creating a race condition that can result in memory corruption.

Remediation

The vulnerability has been addressed by modifying the driver initialization process to ensure that the workqueue is created before the /dev/vtpmx device is made visible. Users should update to the latest version of the Linux kernel stable tree where this fix has been applied.