Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A data-race vulnerability has been identified in the Linux kernel's RxRPC implementation, specifically in the peer keepalive worker and the data packet sending functions. The 'last_tx_at' timestamp is read and written concurrently, which can lead to incorrect keepalive packet transmissions. The problem is worse on 32-bit architectures, where reads and writes of 64-bit values can tear. The vulnerability affects several versions of the Linux kernel.
The vulnerability can cause incorrect handling of keepalive packets, potentially leading to disrupted connections or premature timeouts.
The vulnerability can be reproduced by running a version of the Linux kernel that includes the affected RxRPC code. Sending data packets over a connection while keepalive operations run at the same time creates the data race on the 'last_tx_at' timestamp.
Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.
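The tearing described above, as an added illustration that is not taken from the kernel source or its fix: a deterministic, single-threaded model in which a reader observes a 64-bit timestamp between the two 32-bit word stores, followed by the same access through C11 atomics. The struct, the function names, the keepalive test and the sample values are all constructed for this example.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model of a 64-bit timestamp as a 32-bit CPU stores it: two words. */
struct torn_ts { uint32_t lo, hi; };

static uint64_t ts_value(const struct torn_ts *t)
{
    return ((uint64_t)t->hi << 32) | t->lo;
}

/* Plain 64-bit store split into two word stores. The read in the middle
 * stands in for the keepalive worker running between them. */
static uint64_t torn_store_observed(struct torn_ts *t, uint64_t new_val)
{
    uint64_t seen;
    t->lo = (uint32_t)new_val;           /* sender writes low word */
    seen = ts_value(t);                  /* reader interleaves: new lo, old hi */
    t->hi = (uint32_t)(new_val >> 32);   /* sender writes high word */
    return seen;
}

/* Hypothetical keepalive test: due when the peer has been idle >= limit. */
static int keepalive_due(uint64_t now, uint64_t last_tx_at, uint64_t limit)
{
    return now - last_tx_at >= limit;
}

/* Race-free form: one indivisible store and load on an atomic object. */
static void ts_publish(_Atomic uint64_t *ts, uint64_t v)
{
    atomic_store_explicit(ts, v, memory_order_relaxed);
}
static uint64_t ts_read(_Atomic uint64_t *ts)
{
    return atomic_load_explicit(ts, memory_order_relaxed);
}

int main(void)
{
    struct torn_ts t = { .lo = 0xFFFFFFF0u, .hi = 1u };   /* constructed values */
    uint64_t seen = torn_store_observed(&t, 0x0000000200000010ULL);
    _Atomic uint64_t ts = 0x00000001FFFFFFF0ULL;
    ts_publish(&ts, 0x0000000200000010ULL);
    printf("torn %#llx due=%d, atomic %#llx\n", (unsigned long long)seen,
           keepalive_due(0x0000000200000015ULL, seen, 1000),
           (unsigned long long)ts_read(&ts));
    return 0;
}
```

The torn value is about 2^32 ticks older than either the old or the new timestamp, so the keepalive test fires even though the peer transmitted moments ago.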