Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A race condition vulnerability has been identified in the Linux kernel's J1939 implementation. The issue arises in the 'j1939_session_activate()' function, which can incorrectly succeed even after the associated network device has been unregistered. This problem persists despite a recent commit intended to address it. The vulnerability can lead to a situation where the session activation process does not properly account for the device's registration status, potentially causing synchronization issues in session management.
The vulnerability can cause session management errors in the J1939 protocol, leading to improper handling of active sessions.
The vulnerability can be reproduced by activating a J1939 session on a virtual CAN interface (vcan0) that has been unregistered. This can be done by manually unregistering the network device and then attempting to activate a session, which will succeed despite the device being inactive. This process can be automated using a syzkaller fuzzing campaign, which has reported the issue.
Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability.