Linux Kernel Double Registration Warning in PID Tracing Event Handling

Vulnerability

A flaw that surfaces under fault injection has been identified in the Linux kernel's tracing subsystem, specifically within the PID event handling. It arises when the chunk allocation for PID filtering fails, leading to a double registration of the 'sched_switch' tracepoint. The issue was triggered by 'syzkaller', a fuzzing tool, which injected a fault during the allocation process. As a result, the trace PID list management encountered errors, causing the same tracepoint to be registered twice. This vulnerability is present in Linux kernel versions through 6.14.0-rc5.

Impact

Triggering this vulnerability causes a fault injection warning to be emitted, indicating a problem in tracepoint management that could lead to incorrect behavior in PID event tracing.

Reproduction

The vulnerability can be reproduced by first registering a 'sched_switch' tracepoint and then injecting a fault into the PID event handling process. This is done by manipulating the PID filtering events, causing the tracepoint registration to fail and inadvertently register the same tracepoint multiple times, which triggers the fault injection warning.
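
A simplified user-space model of the failure pattern described above, added here as an illustration and not taken from the kernel source or its fix: a probe is registered before the filter chunk is allocated, so an injected allocation failure followed by a retry registers it twice. All names (register_probe, alloc_chunk, set_filter_weak, set_filter_hardened, run_scenario) are hypothetical, and the hardened ordering is one general way to avoid the problem, not the upstream patch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Toy probe table with one slot; a second registration is counted as a warning. */
static bool probe_registered;
static int duplicate_warnings;
static int register_probe(void) {
    if (probe_registered) { duplicate_warnings++; return -1; }
    probe_registered = true;
    return 0;
}
/* Hypothetical PID filter: list == NULL means "no filter installed yet". */
struct pid_filter { int *list; };
/* Allocator with a fault-injection switch (constructed for this example). */
static int *alloc_chunk(bool inject_fault) {
    return inject_fault ? NULL : calloc(1, sizeof(int));
}

/* Weak ordering: side effect first, nothing undone when the allocation fails. */
static int set_filter_weak(struct pid_filter *f, int pid, bool inject_fault) {
    if (f->list) { *f->list = pid; return 0; }
    register_probe();
    f->list = alloc_chunk(inject_fault);
    if (!f->list) return -1;      /* probe stays registered, filter stays empty */
    *f->list = pid;
    return 0;
}

/* Hardened ordering: allocate first, register only once nothing else can fail. */
static int set_filter_hardened(struct pid_filter *f, int pid, bool inject_fault) {
    if (f->list) { *f->list = pid; return 0; }
    int *chunk = alloc_chunk(inject_fault);
    if (!chunk) return -1;        /* no state changed, a retry starts clean */
    if (register_probe() != 0) { free(chunk); return -1; }
    *chunk = pid;
    f->list = chunk;
    return 0;
}

/* One failed write followed by a retry; returns the number of duplicate warnings. */
static int run_scenario(int (*set_filter)(struct pid_filter *, int, bool)) {
    struct pid_filter f = { NULL };
    probe_registered = false; duplicate_warnings = 0;
    set_filter(&f, 8, true);      /* allocation failure injected */
    set_filter(&f, 9, false);     /* retry with a working allocator */
    free(f.list);
    return duplicate_warnings;
}
int main(void) {
    printf("weak=%d hardened=%d\n", run_scenario(set_filter_weak), run_scenario(set_filter_hardened));
    return 0;
}
```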

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Oct 1, 2025, 8:31 AM
Updated: Oct 1, 2025, 8:31 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.