Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's AFS (Andrew File System) module relates to the improper handling of anonymous authentication keys for cells. When a cell is mounted, the key allocation is performed in a background thread, which can lead to a race condition. The issue arises when the AFS parser processes the device name and attempts to look up the cell, potentially causing a null reference if the key has not been set, leading to a system error. This vulnerability is particularly relevant following a recent fix that altered the dynamic lookup process, making the issue more likely to occur.
The vulnerability can cause a system error (commonly referred to as an 'oops') due to a null reference when the key lookup for an anonymous authentication key is attempted before the key has been properly allocated.
The vulnerability can be reproduced by mounting a device with a name that triggers the AFS parser to look up the corresponding cell. This process will initiate a key lookup for the cell's anonymous authentication key. If the key has not yet been allocated, the lookup will fail, causing a null reference error and leading to a system oops.
The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version to apply the fix.
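The ordering problem described above can be modelled in userspace. The following is an added example, not kernel code and not the upstream patch: it contrasts an accessor that assumes the deferred setup has already published the key with one that allocates on first use under a lock, which is one general way to close this kind of window. All struct names, function names and the key description format are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical. */
struct key { char description[64]; };

struct cell {
    const char *name;
    struct key *anon_key;      /* NULL until setup has run */
    pthread_mutex_t key_lock;  /* serialises on-demand allocation */
};

/* What the deferred (background) setup would eventually do.
 * The "anon-key:" description format is constructed for this example. */
static struct key *alloc_anon_key(const char *cell_name)
{
    struct key *k = calloc(1, sizeof(*k));
    if (k)
        snprintf(k->description, sizeof(k->description), "anon-key:%s", cell_name);
    return k;
}

/* Racy pattern: assumes background setup already published anon_key. */
static const char *key_ref_racy(struct cell *c)
{
    return c->anon_key->description;   /* NULL dereference if setup is pending */
}

/* Hardened pattern: allocate on first use under a lock, fail cleanly on OOM. */
static const char *key_ref_on_demand(struct cell *c)
{
    pthread_mutex_lock(&c->key_lock);
    if (!c->anon_key)
        c->anon_key = alloc_anon_key(c->name);
    struct key *k = c->anon_key;
    pthread_mutex_unlock(&c->key_lock);
    return k ? k->description : NULL;
}

int main(void)
{
    /* Constructed sample: a cell whose background setup has not run yet. */
    struct cell c = { "example.org", NULL, PTHREAD_MUTEX_INITIALIZER };
    const char *ref = key_ref_on_demand(&c);
    printf("key reference: %s\n", ref ? ref : "(allocation failed)");
    /* After on-demand allocation the unguarded accessor is safe too. */
    printf("racy accessor now sees: %s\n", key_ref_racy(&c));
    free(c.anon_key);
    return 0;
}
```

Calling `key_ref_racy()` on the freshly created cell instead of `key_ref_on_demand()` dereferences NULL, which is the userspace analogue of the oops described above.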