Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A race condition vulnerability has been identified in the Linux kernel's ATM subsystem. The issue arises in the device deregistration process, where the mutex protecting device operations is released before the associated procfs and sysfs entries are removed. This creates a brief window where the device is no longer listed but its filesystem entries remain, leading to a warning about a duplicate registration. The vulnerability has been observed in Linux kernel version 6.16.0-rc2.
Triggering this race condition causes warnings about duplicate procfs entries and can potentially disrupt normal ATM device operations.
The vulnerability can be reproduced by registering an ATM device, which creates corresponding procfs and sysfs entries. After deregistering the device, the procfs and sysfs entries are not immediately removed, creating a race condition. This can be automated with a syzkaller test, which will trigger the warning about the duplicate procfs entry.
The vulnerability has been addressed in the official Linux Git repository. Users should upgrade to the latest stable version of the Linux kernel.
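The ordering problem described above can be modelled in user space. The following is an added example, not code from the kernel or from this advisory: all function and variable names are hypothetical, the interleaving is replayed deterministically instead of with threads, and the corrected order (entries removed before the mutex is released) is an assumption drawn from the description.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
/* User-space model only: every name below is hypothetical, not a kernel symbol. */
#define SLOTS 4
static char dev_list[SLOTS][16];  /* device list; protected by the mutex in the real code */
static char proc_ents[SLOTS][16]; /* stand-in for the procfs/sysfs namespace */
static int dup_warnings;          /* counts modelled "duplicate entry" warnings */
static bool has(char t[][16], const char *n) {
    for (int i = 0; i < SLOTS; i++) if (strcmp(t[i], n) == 0) return true;
    return false;
}
static void put(char t[][16], const char *n) {
    for (int i = 0; i < SLOTS; i++) if (!t[i][0]) { snprintf(t[i], 16, "%s", n); return; }
}
static void del(char t[][16], const char *n) {
    for (int i = 0; i < SLOTS; i++) if (strcmp(t[i], n) == 0) t[i][0] = '\0';
}
static void reset(void) {
    memset(dev_list, 0, sizeof dev_list);
    memset(proc_ents, 0, sizeof proc_ents);
    dup_warnings = 0;
}
/* Registration runs under the mutex and only consults the device list. */
static bool model_register(const char *n) {
    if (has(dev_list, n)) return false;     /* name still listed: refused */
    put(dev_list, n);
    if (has(proc_ents, n)) dup_warnings++;  /* stale entry left behind: warning */
    else put(proc_ents, n);
    return true;
}
/* Racy order: unlist, release mutex, then remove entries. A registration
 * scheduled between the two steps finds the stale entry. */
int run_racy(void) {
    reset(); model_register("atm0");
    del(dev_list, "atm0");      /* mutex released after this line */
    model_register("atm0");     /* concurrent caller wins the window */
    del(proc_ents, "atm0");     /* entries removed too late */
    return dup_warnings;
}
/* Assumed corrected order: entries removed before the mutex is released. */
int run_fixed(void) {
    reset(); model_register("atm0");
    del(dev_list, "atm0"); del(proc_ents, "atm0"); /* both under the mutex */
    model_register("atm0");     /* can only run once the mutex is free */
    return dup_warnings;
}
int main(void) { printf("racy=%d fixed=%d\n", run_racy(), run_fixed()); return 0; }
```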