Linux Kernel Event Tracing Denial-of-Service Vulnerability via Corrupt Histogram Triggers

A denial-of-service vulnerability has been identified in the Linux kernel's event tracing subsystem. The issue arises when a histogram trigger is created with invalid parameters, which can lead to a crash. This vulnerability is present in the event tracing for the RCU (Read-Copy-Update) callback events. The problem occurs because the trigger registration process can fail, but the associated data is not properly cleaned up, leaving a reference that can cause a use-after-free condition. When the trigger is registered again, it can lead to a kernel crash by accessing freed memory.

Impact

Exploiting this vulnerability can cause a kernel crash, leading to a denial-of-service condition where the system becomes unresponsive or unavailable.

Reproduction

The vulnerability can be reproduced by navigating to the RCU callback event tracing directory and attempting to write a histogram trigger with invalid keys. The first command will fail with an 'Invalid argument' error, but the second command, which attempts to write a valid histogram trigger, will trigger the vulnerability by causing a crash.