Linux Kernel DRBD Concurrent Write Conflict Handling Vulnerability

A vulnerability in the Linux kernel's DRBD (Distributed Replicated Block Device) module has been addressed. The issue arose when the 'two-primaries' feature was enabled, allowing DRBD to detect and manage concurrent writes. In this scenario, writes to the same sector on both nodes simultaneously would be synchronized to ensure identical data once the writes were completed. However, the handling of 'superseded' writes omitted a crucial reference count increment, leading to a use-after-free condition. This oversight caused premature destruction of the DRBD device, resulting in kernel crashes. Although this vulnerability exists, it is rarely encountered in real-world scenarios, as proper write management is typically maintained at higher layers, such as with cluster file systems or during live migration in virtualization environments.

Impact

The vulnerability could lead to a use-after-free condition, causing kernel crashes.

Reproduction

To reproduce this vulnerability, enable the 'two-primaries' feature in DRBD and simulate concurrent writes to the same sector on both nodes. This can be done by bypassing the distributed lock management typically used by cluster file systems or by not adhering to the write management protocols during live migration in virtualization environments.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed.