Linux Kernel FunctionFS Bind Race Condition Vulnerability Leading to Kernel Panic

A race condition vulnerability has been identified in the Linux kernel's USB gadget functionality, specifically within the functionfs_bind process. This vulnerability can cause a kernel panic when the 'panic_on_warn' option is enabled. The issue arises from the improper use of WARN_ON in functionfs_bind, creating a race condition between ADB (Android Debug Bridge) operations and UDC (USB Device Controller) writes via configfs. The vulnerability has been addressed by removing the unnecessary WARN_ON, preventing the kernel panic scenario.

Impact

Exploitation of this vulnerability can lead to a kernel panic, causing a system crash and disruption of services.

Reproduction

The vulnerability can be reproduced by enabling the 'panic_on_warn' option in the Linux kernel. Once this is set, initiate an ADB operation while simultaneously performing a UDC write through configfs. The race condition will trigger a WARN_ON in functionfs_bind, leading to a kernel panic.

Remediation

No specific remediation is mentioned, but users can consider updating to a patched version of the Linux kernel where this vulnerability has been addressed.