Linux Kernel Netfs Read Abandonment During Retry Vulnerability

A vulnerability in the Linux kernel's netfs component can lead to improper handling of read requests during retry operations. Under certain conditions, remaining subrequests from a read request may be abandoned. This issue arises because the 'subreq' variable, which should indicate where to start the abandonment process, can be uninitialized or point to a deleted subrequest. As a result, the abandonment process may not function correctly, potentially leading to an 'oops' error if the subreq pointer is accessed after being cleared. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause a denial of service by improperly abandoning read subrequests, which may lead to incomplete data retrieval or application errors.

Reproduction

To reproduce this vulnerability, initiate a read request that requires retrying. Under the conditions that trigger the vulnerability, all remaining subrequests will be abandoned during the retry process. This can be observed by monitoring the handling of the 'subreq' variable, which may not correctly point to the first subrequest needing a retry, leading to an uninitialized state or referencing a deleted subrequest.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed.