Linux Kernel NVMe over Fibre Channel Port State Race Condition Vulnerability

Vulnerability

A race condition vulnerability has been identified in the Linux kernel's NVMe over Fibre Channel (FC) implementation. The issue arises in the 'nvme_fc_create_association' function, where the port state is checked without proper locking, leading to a potential mismatch with the reconnect logic. Specifically, 'nvme_fc_unregister_remote' can remove a remote port at any time when there is no active association, creating a race with the reconnection process. This vulnerability affects the stable versions of the Linux kernel.

Impact

The race can cause the NVMe over FC reconnect logic to function incorrectly, potentially disrupting the management of remote ports.

Reproduction

The vulnerability can be reproduced by allowing 'nvme_fc_unregister_remote' to remove a remote port from an lport object when there is no active association. This can be done by manipulating the association states, causing a race with the 'nvme_fc_create_association' function, which fails to properly lock and check the port state before increasing the active count on the remote port.
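The check-then-increment window described above can be modeled in user space. This is an added example, not kernel code or the upstream patch. All names ('struct rport', 'unregister_remote', 'create_association_racy', 'create_association_locked', 'run_interleaving') are hypothetical, an 'atomic_flag' stands in for the port lock, and the interleaving is constructed by running the unregister path from a callback placed right after the state check.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* User-space model, hypothetical names; not the kernel's code or its patch. */
enum port_state { PORT_ONLINE, PORT_DELETED };
struct rport {
    atomic_flag lock;        /* stand-in for the lock protecting the port */
    enum port_state state;
    int active;              /* active association count */
};
typedef void (*window_fn)(struct rport *);   /* work done by "another CPU" */

static bool port_trylock(struct rport *rp) { return !atomic_flag_test_and_set(&rp->lock); }
static void port_unlock(struct rport *rp) { atomic_flag_clear(&rp->lock); }

/* Unregister: may delete the port only while no association is active. */
void unregister_remote(struct rport *rp) {
    if (!port_trylock(rp))
        return;              /* lock held: a real thread would wait here */
    if (rp->active == 0)
        rp->state = PORT_DELETED;
    port_unlock(rp);
}
/* Racy: nothing ties the state check to the count increment. */
int create_association_racy(struct rport *rp, window_fn other_cpu) {
    if (rp->state != PORT_ONLINE)
        return -1;
    other_cpu(rp);           /* constructed interleaving: runs after the check */
    rp->active++;
    return 0;
}
/* Locked: check and increment form one critical section. */
int create_association_locked(struct rport *rp, window_fn other_cpu) {
    int ret = -1;
    while (!port_trylock(rp)) { }
    if (rp->state == PORT_ONLINE) {
        other_cpu(rp);       /* same interleaving, now shut out by the lock */
        rp->active++;
        ret = 0;
    }
    port_unlock(rp);
    return ret;
}
/* True if an association ends up counted on a deleted port. */
bool run_interleaving(bool locked) {
    struct rport rp = { .lock = ATOMIC_FLAG_INIT, .state = PORT_ONLINE, .active = 0 };
    (locked ? create_association_locked : create_association_racy)(&rp, unregister_remote);
    unregister_remote(&rp);  /* the blocked unregister gets its turn afterwards */
    return rp.state == PORT_DELETED && rp.active > 0;
}
```

In the racy variant the port is deleted between the check and the increment, so 'run_interleaving(false)' reports an association counted on a deleted port; with the lock held across both steps the unregister path sees a non-zero count and leaves the port alone.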

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Dec 9, 2025, 8:19 PM
Updated: Dec 9, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.