Linux Kernel JBD2 Soft Lockup Vulnerability in Checkpointing Process

Vulnerability

A vulnerability in the Linux kernel's JBD2 (Journaling Block Device) module can lead to a soft lockup, where the CPU becomes unresponsive for an extended period. This issue occurs in the JBD2 log checkpointing function, which improperly manages task rescheduling. The vulnerability is present in the Linux kernel stable tree, specifically in versions through 6.6.0.

Impact

Exploitation of this vulnerability causes a soft lockup, where a CPU thread becomes stuck and unresponsive for a significant duration, disrupting normal system operations.

Reproduction

The vulnerability can be reproduced by performing write operations on an EXT4 filesystem that uses JBD2 for journaling. This can be done by writing data to files on the filesystem, which triggers the JBD2 log checkpointing process. During this operation, the jbd2_log_do_checkpoint() function may enter a loop that fails to properly reschedule the task, leading to a soft lockup. This can be observed in the system logs, where the watchdog reports a soft lockup on the affected CPU.
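One way to check kernel logs for the symptom described above, as an added example that is not part of the original advisory or the kernel project. The sample log lines are constructed, find_soft_lockups is a hypothetical helper name, and the parser assumes the call trace ends with a `</TASK>` marker as printed by recent x86 kernels.

```python
import re

# Watchdog header: "watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [comm:pid]"
LOCKUP_RE = re.compile(
    r"BUG: soft lockup - CPU#(?P<cpu>\d+) stuck for (?P<secs>\d+)s! "
    r"\[(?P<comm>.+):(?P<pid>\d+)\]")
# RIP line or stack frame, e.g. "jbd2_log_do_checkpoint+0x1a3/0x4f0"
FRAME_RE = re.compile(r"(?P<sym>[A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")
TARGET = "jbd2_log_do_checkpoint"  # function named in the advisory

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOG = """\
[  812.101] watchdog: BUG: soft lockup - CPU#3 stuck for 26s! [kworker/u8:2:1234]
[  812.102] RIP: 0010:jbd2_log_do_checkpoint+0x1a3/0x4f0
[  812.103] Call Trace:
[  812.104]  <TASK>
[  812.105]  __jbd2_log_wait_for_space+0xf1/0x1e0
[  812.106]  add_transaction_credits+0x2e5/0x310
[  812.107]  </TASK>
[  930.500] watchdog: BUG: soft lockup - CPU#1 stuck for 23s! [dd:2201]
[  930.501] RIP: 0010:copy_page+0x7/0x10
[  930.502]  </TASK>
""".splitlines()

def find_soft_lockups(lines):
    """Parse soft-lockup reports; 'jbd2' marks those whose frames hit TARGET."""
    reports, current = [], None
    for line in lines:
        m = LOCKUP_RE.search(line)
        if m:  # a new watchdog report starts here
            current = {"cpu": int(m["cpu"]), "secs": int(m["secs"]),
                       "comm": m["comm"], "pid": int(m["pid"]),
                       "frames": [], "jbd2": False}
            reports.append(current)
        elif current is not None and "</TASK>" in line:
            current = None  # assumed end-of-trace marker; stop collecting
        elif current is not None:
            f = FRAME_RE.search(line)
            if f:
                current["frames"].append(f["sym"])
                current["jbd2"] |= f["sym"] == TARGET
    return reports

if __name__ == "__main__":
    for r in find_soft_lockups(SAMPLE_LOG):
        tag = "JBD2 checkpoint" if r["jbd2"] else "other"
        print(f"CPU#{r['cpu']} stuck {r['secs']}s in {r['comm']} ({tag})")
```

On a live host the same function can be fed the lines of `dmesg` or `journalctl -k` output instead of the constructed sample.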

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable kernel to mitigate this issue.

Added: Sep 11, 2025, 5:54 PM
Updated: Sep 11, 2025, 5:54 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.