Linux Kernel RCU-Protected Parameter Snapshot Vulnerability in act_gate

Vulnerability

A vulnerability exists in the Linux kernel's gate action (act_gate) scheduling: the action can be replaced while the hrtimer callback or the dump process is traversing the schedule list. This issue affects the stable group of the Linux kernel. The vulnerability arises because the gate action parameters are not properly synchronized, so a reader can observe inconsistent parameters when the action is replaced. Exploitation could lead to unexpected behavior in the scheduling of gate actions, potentially disrupting network traffic control.

Impact

The vulnerability could cause inconsistencies in the scheduling of gate actions, disrupting network traffic control and potentially leading to degraded performance or unintended behavior in networked applications.

Reproduction

To reproduce this vulnerability, replace a gate action while the hrtimer callback or dump process is active. This can be done by initiating a replacement of the gate action parameters without proper synchronization, allowing the replacement to occur while the schedule list is still being processed.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux kernel documentation.
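The snapshot approach named in the title, modelled in userspace C as an added example (it is not the kernel patch and not code from this page): the writer builds a complete new parameter block and publishes it with one atomic pointer swap, so a reader that loaded the pointer once keeps walking a consistent schedule. C11 atomics stand in for rcu_assign_pointer()/rcu_dereference(), freeing after the walk stands in for the RCU grace period, and every struct and function name is hypothetical.

```c
#include <stdatomic.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only; every name here is hypothetical, not the kernel's. */
struct gate_entry { int open; long interval_ns; };
struct gate_params { size_t n; struct gate_entry entries[]; }; /* immutable once published */
struct gate_action { _Atomic(struct gate_params *) params; };

/* Writer: build the whole new schedule aside, publish it with one atomic swap.
 * The previous snapshot comes back in *old, to be freed after readers finish. */
int gate_replace(struct gate_action *a, const struct gate_entry *e, size_t n,
                 struct gate_params **old)
{
    struct gate_params *p = malloc(sizeof(*p) + n * sizeof(*e));
    if (!p) return -1;                    /* published schedule is untouched */
    p->n = n;
    memcpy(p->entries, e, n * sizeof(*e));
    *old = atomic_exchange(&a->params, p);
    return 0;
}

/* Reader side: walks exactly one snapshot; the caller loaded the pointer once. */
long gate_cycle_ns(const struct gate_params *p)
{
    long total = 0;
    for (size_t i = 0; i < p->n; i++)
        total += p->entries[i].interval_ns;
    return total;
}

/* Constructed scenario: a replace lands while a reader holds a snapshot.
 * Returns held-snapshot cycle * 1000 + current cycle, or -1 if malloc fails. */
long demo_replace_during_walk(void)
{
    const struct gate_entry s1[] = { {1, 100}, {0, 200} }, s2[] = { {1, 50} };
    struct gate_action a;
    struct gate_params *none, *prev;
    atomic_init(&a.params, NULL);
    if (gate_replace(&a, s1, 2, &none)) return -1;
    struct gate_params *held = atomic_load(&a.params); /* reader starts its walk */
    if (gate_replace(&a, s2, 1, &prev)) { free(held); return -1; }
    long seen = gate_cycle_ns(held), now = gate_cycle_ns(atomic_load(&a.params));
    free(prev);                      /* prev == held: freed only after the walk */
    free(atomic_load(&a.params));
    return seen * 1000 + now;
}

int main(void) { return demo_replace_during_walk() == 300050 ? 0 : 1; }
```

The reader that started before the replace still sees the full 300 ns cycle of the old schedule, while a reader starting afterwards sees 50 ns; neither sees a mix of the two.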

Added: Mar 18, 2026, 11:45 AM
Updated: Mar 18, 2026, 11:45 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 7.5
exploitability: 3.9
remediation: 7.7
relevance: 4.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.