Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
- ~6.18
A vulnerability in the Linux kernel's SMB server implementation has been addressed. The issue arose in the management of received credits over RDMA, where the logic was prone to race conditions. Specifically, credits could be incorrectly granted before they were fully processed, leading to a mismatch in available credits. This vulnerability affected Linux kernel versions 6.18.x. The issue has been resolved by introducing a dedicated counter for available credits, ensuring accurate tracking as new receive buffers are posted and credits are granted to the peer. This regression was reported by Namjae Jeon.
The vulnerability could lead to improper management of receive credits in the SMB server over RDMA, potentially causing performance issues or incorrect credit allocations.
The vulnerability can be reproduced by using the SMB server feature in the Linux kernel 6.18.x series, specifically over RDMA transport. The issue arises in the credit management logic, where credits are granted before they are fully processed, creating a race condition.
Users can upgrade to the latest version of the Linux kernel stable tree to address this vulnerability.
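An added example, not the kernel's code or the patch itself: a minimal C11 model of the approach described above, where a dedicated atomic counter is incremented only after a receive buffer is posted and credits are claimed from that counter before being granted to the peer. All names (`credit_state`, `recv_buffer_posted`, `claim_credits`) are hypothetical, and the model leaves out everything RDMA-specific.

```c
#include <stdatomic.h>
#include <stdio.h>

/* Illustrative model only: every name here is hypothetical, not kernel code. */
struct credit_state {
    atomic_int available; /* receive buffers posted but not yet granted */
    atomic_int granted;   /* total credits handed to the peer so far */
};

static void credit_init(struct credit_state *cs)
{
    atomic_init(&cs->available, 0);
    atomic_init(&cs->granted, 0);
}

/* Call only after the receive buffer is really posted to the queue. */
static void recv_buffer_posted(struct credit_state *cs)
{
    atomic_fetch_add(&cs->available, 1);
}

/* Claim up to `want` credits for the next outgoing message; returns the
 * number claimed. The compare-exchange loop lets concurrent senders race
 * without ever granting the same posted buffer twice. */
static int claim_credits(struct credit_state *cs, int want)
{
    int avail = atomic_load(&cs->available);

    while (want > 0 && avail > 0) {
        int take = want < avail ? want : avail;
        /* On failure `avail` is reloaded with the current value. */
        if (atomic_compare_exchange_weak(&cs->available, &avail, avail - take)) {
            atomic_fetch_add(&cs->granted, take);
            return take;
        }
    }
    return 0;
}

int main(void)
{
    struct credit_state cs;
    credit_init(&cs);
    printf("before posting: %d\n", claim_credits(&cs, 3)); /* nothing posted */
    recv_buffer_posted(&cs);
    recv_buffer_posted(&cs);
    printf("after 2 posts:  %d\n", claim_credits(&cs, 3)); /* capped at posted */
    return 0;
}
```

The invariant to check in any such design is that the total granted never exceeds the total posted, regardless of how senders and the receive-posting path interleave.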