Linux Kernel SCSI Refcount Leak Vulnerability Causes Host Shutdown

A refcount leak vulnerability has been identified in the Linux kernel's SCSI core, specifically related to the tagset reference count. This leak can lead to a hang when the SCSI host is being torn down. For instance, the 'iscsid' process may hang, causing some SCSI devices not to be configured properly. The issue has been addressed in the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a hang in the SCSI host teardown process, causing the 'iscsid' service to hang and potentially leaving some SCSI devices unconfigured.

Reproduction

The vulnerability can be reproduced by allowing the 'iscsid' process to run and then initiating a teardown of the SCSI host. This process will hang, as the refcount leak prevents the host from being removed properly. The call trace will show an allocation failure during SCSI scanning, indicating that some SCSI devices might not be configured.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.