Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's handling of CPU-clock events can lead to a system hang. The issue arises from a recursion in event management that causes a deadlock. It was introduced by an earlier commit that altered the event delivery mechanism and disrupted the normal processing of event timers. When the async-profiler tool uses the CPU-clock for profiling, it can trigger the hang: the event handling code is called in a way that conflicts with the timer management, and the system freezes.
Exploitation of this vulnerability can cause a complete system hang, a denial-of-service condition in which the system becomes unresponsive.
Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version are available in the Linux kernel documentation.