Linux Kernel Rxrpc Deadlock Vulnerability in AFS Module

Vulnerability

A deadlock vulnerability has been identified in the Linux kernel within the AFS (Andrew File System) module, specifically in versions through 6.13.0-rc5. The issue arises because the AFS address list retains references to rxrpc_peer objects, which are freed under RCU (Read-Copy-Update) management. When an rxrpc_peer object is dereferenced and removed from the peer hash table, a spinlock must be taken. Taking that spinlock can conflict with the RCU cleanup process, leading to a potential deadlock. The vulnerability has been acknowledged and addressed by modifying the locking mechanism to prevent such conflicts.
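The lock conflict described above can be traced in a small user-space model. This is an added example, not kernel code and not the actual patch; the names `struct cpu`, `softirq_window`, `put_last_peer_ref` and `simulate` are hypothetical. It assumes the RCU cleanup runs in softirq (BH) context on the same CPU that holds the hash lock, and the `disable_bh` variant is one locking change that removes the conflict (assumed here, since the page does not name the change that was made).

```c
#include <stdbool.h>
#include <stdio.h>
/* Toy single-CPU model, constructed for illustration; not kernel code. */
struct cpu {
    bool hash_lock_held;  /* models the peer hash table spinlock */
    int  bh_disabled;     /* >0: softirq (BH) work is deferred */
    bool rcu_cb_pending;  /* queued RCU cleanup that will drop a peer ref */
    bool deadlocked;      /* a context spins on a lock it interrupted */
    int  peers_unhashed;  /* peers successfully removed from the table */
};
static void put_last_peer_ref(struct cpu *c, bool disable_bh);

/* Softirq entry: run the queued RCU cleanup unless BH is disabled. */
static void softirq_window(struct cpu *c)
{
    if (c->rcu_cb_pending && c->bh_disabled == 0) {
        c->rcu_cb_pending = false;
        put_last_peer_ref(c, false);  /* already in BH context */
    }
}

/* Last ref dropped: take the hash lock, remove the peer from the table. */
static void put_last_peer_ref(struct cpu *c, bool disable_bh)
{
    if (disable_bh) c->bh_disabled++;
    if (c->hash_lock_held) {   /* holder is the context we interrupted, */
        c->deadlocked = true;  /* so it can never run again to unlock */
        return;
    }
    c->hash_lock_held = true;
    softirq_window(c);         /* an interrupt may arrive while locked */
    if (c->deadlocked) return; /* CPU is stuck; lock is never released */
    c->peers_unhashed++;
    c->hash_lock_held = false;
    if (disable_bh && --c->bh_disabled == 0)
        softirq_window(c);     /* deferred cleanup runs after unlock */
}

struct cpu simulate(bool disable_bh)
{
    struct cpu c = { .rcu_cb_pending = true };  /* cleanup queued on this CPU */
    put_last_peer_ref(&c, disable_bh);          /* process context drops a ref */
    return c;
}

int main(void)
{
    printf("plain=%d bh_safe=%d\n", simulate(false).deadlocked, simulate(true).deadlocked);
}
```

With the plain lock the model ends with the lock still held and no peer removed; with BH disabled around the lock, both the process-context put and the deferred cleanup complete.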

Impact

Exploitation of this vulnerability can lead to a deadlock situation, where the system becomes unresponsive due to conflicting lock management between the AFS module and the RCU cleanup process.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.