Linux Kernel IRQ Handler Improperly Configured Vulnerability in Counter Driver

A vulnerability has been identified in the Linux kernel's counter driver, specifically in versions through 6.18.0-rc1. The issue arises because an Interrupt Request (IRQ) handler is configured to use the IRQF_NO_THREAD flag, which can lead to an invalid wait context. This misconfiguration allows the IRQ handler to either be non-threaded or to acquire a spinlock, but not both simultaneously. When the IRQF_NO_THREAD flag is used, it prevents proper handling of nested locks, potentially leading to concurrency issues.

Impact

Exploitation of this vulnerability can cause IRQ handlers to be improperly synchronized, leading to potential race conditions or deadlocks in the handling of interrupts.

Reproduction

The vulnerability can be reproduced by loading a kernel module that utilizes the counter driver with an IRQ handler. The module should be configured to use the IRQF_NO_THREAD flag while also requiring a spinlock. This setup will trigger a warning from the kernel's lock nesting verifier, indicating an invalid wait context, as the IRQ handler attempts to acquire a lock while being in a non-threaded context.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is 23f9485510c338476b9735d516c1d4aacb810d46.