Linux Kernel RCU Protection Vulnerability in Packet Type Sequence Handling

A vulnerability has been identified in the Linux kernel's handling of packet type sequences within the net-procfs interface. This issue arises from improper Read-Copy-Update (RCU) protection, leading to potential stalls when reading packet type information. The vulnerability is present in the Linux kernel stable tree, specifically in the net/core/net-procfs.c file. The problem occurs because the ptype_seq_show() function reads device names without adequate synchronization, allowing concurrent modifications to disrupt the data being accessed. The vulnerability has been addressed by introducing a new structure to safely carry device pointers through the sequence operations, ensuring that the packet type display function is protected against changes from concurrent writers.

Impact

The vulnerability could lead to RCU stalls, where the system hangs waiting for a grace period to complete, potentially causing performance issues or deadlocks in network processing.

Reproduction

The vulnerability can be reproduced by creating a scenario where packet type structures are concurrently modified while their associated device names are being read in a manner that violates RCU rules. This can be achieved by removing packet_type structures and clearing the pt->dev field without respecting the necessary RCU grace periods, all while a read operation is in progress.

Remediation

Users can update to the latest patched version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the updated kernel can be found on the official Linux kernel website.