Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
The Linux kernel's drop monitor component initializes its state in the wrong order, so a spinlock can be used before it has been initialized, causing a synchronization error. Syzkaller, a fuzzing tool, identified the vulnerability and reported a bug related to spinlock magic being corrupted. The issue arises when the drop monitor is loaded as a kernel module: Syzkaller can send a command that reaches the uninitialized spinlock, potentially leading to a race condition or other synchronization-related problems.
Exploitation of this vulnerability can cause a spinlock synchronization error, which may lead to a race condition or other locking-related issues in the kernel.
To reproduce this vulnerability, load the drop monitor kernel module. If Syzkaller is running, it can send a command to start the drop monitoring process before the module has fully initialized, causing the net_dm_monitor_start() function to use an uninitialized spinlock. This sequence creates a spinlock magic error, indicating a critical synchronization problem.
Users should ensure that the drop monitor module is properly initialized before it is used. This vulnerability has been addressed in the Linux kernel by rearranging the initialization process to prevent the spinlock from being used prematurely.
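The ordering problem and its fix, as a userspace C model added here for illustration (not kernel code and not the upstream patch). The struct, the function names and the magic value are hypothetical, and the early "command" is a direct call placed inside the initialization window rather than a real concurrent request.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NCPU 4
#define MODEL_MAGIC 0x5eed10c5u /* constructed stand-in for a debug lock magic */

struct model_lock { unsigned magic; };
struct model_module {
    struct model_lock cpu_lock[NCPU]; /* per-CPU state, one lock each */
    bool cmd_reachable;               /* command interface registered? */
};

static void lock_init(struct model_lock *l) { l->magic = MODEL_MAGIC; }
/* Fails where a lock-debugging kernel would report a bad magic. */
static bool lock_acquire(struct model_lock *l) { return l->magic == MODEL_MAGIC; }

/* Stand-in for the start handler: -1 if unreachable, else count of bad locks. */
static int monitor_start(struct model_module *m) {
    if (!m->cmd_reachable) return -1;
    int bad = 0;
    for (int i = 0; i < NCPU; i++) if (!lock_acquire(&m->cpu_lock[i])) bad++;
    return bad;
}

/* Flawed order: interface exposed, command arrives, locks initialised last. */
static int init_exposed_first(struct model_module *m) {
    memset(m, 0, sizeof(*m));     /* fresh, zeroed module memory */
    m->cmd_reachable = true;
    int raced = monitor_start(m); /* command lands inside the window */
    for (int i = 0; i < NCPU; i++) lock_init(&m->cpu_lock[i]);
    return raced;
}

/* Corrected order: locks initialised before anything can reach the handler. */
static int init_locks_first(struct model_module *m) {
    memset(m, 0, sizeof(*m));
    for (int i = 0; i < NCPU; i++) lock_init(&m->cpu_lock[i]);
    int raced = monitor_start(m); /* same early command: not reachable yet */
    m->cmd_reachable = true;
    return raced;
}

int main(void) {
    struct model_module m;
    printf("exposed first: %d bad locks\n", init_exposed_first(&m));
    int early = init_locks_first(&m);
    printf("locks first: early=%d after=%d\n", early, monitor_start(&m));
    return 0;
}
```

With the flawed order every per-CPU lock fails the magic check during the window; with the corrected order the early command is refused and a later one finds all locks valid.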