Linux Kernel Modem Status Command Input Queue Blocking Vulnerability in n_gsm TTY Driver

A vulnerability in the Linux kernel's n_gsm TTY driver can lead to input queue blocking by improperly managing Modem Status Command (MSC) responses. When a Data Link Connection (DLC) channel is opened, the driver processes incoming frames but may wait for a response to the MSC before allowing further input. This issue, present in several Linux kernel versions, particularly affects basic encoding modes, where the MSC is relevant. The vulnerability arises because the driver cannot block the input queue while waiting for a remote response, potentially leading to missed or delayed input processing.

Impact

The vulnerability can cause input queue blocking, disrupting the timely processing of incoming frames in the n_gsm TTY driver.

Reproduction

To reproduce this vulnerability, open a DLC channel in the n_gsm TTY driver while in basic encoding mode. The driver will process incoming frames but may block the input queue by waiting for a response to the Modem Status Command, causing delays in input processing. This issue can be observed by monitoring the input queue for delays or missed frames while the MSC response is awaited.

Remediation

The vulnerability has been addressed by modifying the driver to send the Modem Status Command without waiting for a remote response. Users should update to the latest version of the Linux kernel where this fix has been applied.