Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A deadlock vulnerability has been identified in the Linux kernel's handling of LED triggers for network devices. This issue arises when both the LED_TRIGGER_PHY and LEDS_TRIGGER_NETDEV options are enabled, leading to an AB-BA deadlock scenario. The problem occurs during the PHY attachment process, where the LED_TRIGGER_PHY registration competes with the LEDS_TRIGGER_NETDEV activation, both requiring different locks and causing a standstill. The vulnerability affects the Linux kernel stable group.
Exploitation of this vulnerability leads to a deadlock condition, causing the system to hang and potentially disrupting network operations.
The vulnerability can be reproduced by enabling both the LED_TRIGGER_PHY and LEDS_TRIGGER_NETDEV options on a network device. During the PHY attachment process, the LED_TRIGGER_PHY will attempt to register its triggers while holding a lock, and then try to acquire another lock that is already held by the LEDS_TRIGGER_NETDEV, creating a deadlock situation.
The vulnerability has been addressed by modifying the PHY LED trigger registration process to avoid the deadlock. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
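The deadlock needs both options built into the running kernel, so a build-configuration check tells you which hosts to prioritise for the stable update. The script below is an added example, not part of the advisory or the kernel tree: the function names are hypothetical, the `CONFIG_` prefix is the usual kernel config spelling of the two option names, and it checks configuration only, not whether the fix is present.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables both options named
# in the advisory. It inspects build configuration only, not patch level.

# Print the value (y or m) of CONFIG_<name> in config file $1, or "n" when
# the option is absent or "is not set". Files ending in .gz (for example
# /proc/config.gz) are decompressed on the fly.
config_value() {
    file=$1 name=$2
    case $file in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    value=$($reader "$file" | sed -n "s/^CONFIG_${name}=\([ym]\)\$/\1/p" | head -n 1)
    printf '%s\n' "${value:-n}"
}

# Return 0 when both LED triggers are built (the precondition described in
# the advisory), 1 when at least one is missing, 2 when the file is unreadable.
led_trigger_deadlock_precondition() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    phy=$(config_value "$file" LED_TRIGGER_PHY)
    netdev=$(config_value "$file" LEDS_TRIGGER_NETDEV)
    echo "LED_TRIGGER_PHY=$phy LEDS_TRIGGER_NETDEV=$netdev"
    [ "$phy" != n ] && [ "$netdev" != n ]
}
```

Source the file and call `led_trigger_deadlock_precondition` with the path to the running kernel's config, typically `/boot/config-$(uname -r)` or `/proc/config.gz` where those exist.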