Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of the ROSE (Routing Over Serial Lines) protocol has been identified. The issue arises in the rose_bind() function, where the socket is not properly locked. This oversight can lead to a soft lockup, particularly when bind() is called from multiple threads. The vulnerability has been addressed by ensuring that rose_bind() locks the socket to prevent such lockups.
The vulnerability can cause a soft lockup, where a thread is unable to release the CPU, potentially leading to performance degradation or system unresponsiveness.
The vulnerability can be reproduced by calling the bind() function from multiple threads while the ROSE protocol is in use. This will trigger a soft lockup in the rose_loopback_timer() function, indicating that the socket was not properly locked during the bind operation.