Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's DMA engine IDXD driver can lead to a call trace or kernel panic when IDXD workloads are run in a container with the /dev directory mounted, and the container's parent process is terminated. This issue arises because, in certain Docker configurations, the mount replica is not properly propagated back to the original mount point. As a result, when the user driver detaches, the workqueue is destroyed, but the system still attempts to complete all pending work, leading to potential instability. The vulnerability has been addressed by adding a check to ensure the workqueue is available before attempting to drain it.
Exploitation of this vulnerability can cause a call trace or a kernel panic, disrupting system stability and potentially leading to a denial of service.