Linux Kernel ibmveth Denial-of-Service Vulnerability via veth_pool_store Synchronization Issue

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's ibmveth driver. The issue arises from improper synchronization in the veth_pool_store function, which can lead to thread hangs. When multiple threads write to specific sysfs pool attributes simultaneously, one thread can block for an extended period, disrupting normal operations. This vulnerability affects Linux kernel versions prior to 6.14.0-01103.

Impact

Exploitation of this vulnerability can cause a thread to hang for over 122 seconds, leading to significant delays in processing and potentially causing timeouts in systemd services.
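One way to check a host's kernel log for this hang, as an added example that is not part of the original advisory: the script scans hung-task reports and flags those whose call trace includes veth_pool_store. It assumes the kernel's hung-task detector is enabled and prints its usual "blocked for more than N seconds" header; the function name, the 40-line trace window and the sample log are constructed for illustration.

```python
import re
import sys

# Header printed by the kernel hung-task detector (CONFIG_DETECT_HUNG_TASK).
HUNG_RE = re.compile(
    r"INFO: task (?P<comm>.+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds"
)
MAX_TRACE_LINES = 40  # assumption: a report's call trace fits in this window

# Constructed sample log, not captured from a real system.
SAMPLE = """\
[  368.1] INFO: task poolwriter.sh:4242 blocked for more than 122 seconds.
[  368.1] task:poolwriter.sh state:D stack:0 pid:4242
[  368.1] Call Trace:
[  368.1] [c000000000000001] __schedule+0x3f0/0x9a0
[  368.1] [c000000000000002] veth_pool_store+0x150/0x980 [ibmveth]
[  368.1] [c000000000000003] kernfs_fop_write_iter+0x1ec/0x2e0
[  490.9] INFO: task backup:5151 blocked for more than 122 seconds.
[  490.9] Call Trace:
[  490.9] [c000000000000004] __schedule+0x3f0/0x9a0
[  490.9] [c000000000000005] io_schedule+0x38/0x70
"""

def find_pool_store_hangs(lines, symbol="veth_pool_store"):
    """Return hung-task reports whose call trace contains `symbol`."""
    findings, current, age = [], None, 0
    for line in lines:
        m = HUNG_RE.search(line)
        if m:  # a new report starts; remember which task is blocked
            current = {"comm": m["comm"], "pid": int(m["pid"]), "secs": int(m["secs"])}
            age = 0
            continue
        if current is None:
            continue
        age += 1
        if age > MAX_TRACE_LINES:  # too far from the header to be its trace
            current = None
        elif symbol in line:
            findings.append(current)
            current = None  # count each report once
    return findings

if __name__ == "__main__":
    # Read piped kernel log text if present, otherwise run on the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for hit in find_pool_store_hangs(source):
        print(f"{hit['comm']} (pid {hit['pid']}) blocked >{hit['secs']}s in veth_pool_store")
```

Piping `dmesg` or `journalctl -k` output into the script checks a live host; the second sample report is ignored because its trace never reaches the ibmveth function.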

Reproduction

The vulnerability can be reproduced by writing to the sysfs pool attributes of the ibmveth driver. This can be done using a simple shell script that sends concurrent writes to the pool0 and pool1 active settings. The lack of proper mutex locking allows these writes to interfere with each other, causing one thread to block while waiting for a resource held by another thread.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.