Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's RxRPC implementation has been fixed. Call removal improperly used list_del_init(), which could cause reads from /proc/net/rxrpc/calls to enter an infinite loop. The fix switches to list_del_rcu() for safe deletion, but that change makes it harder to detect entries that have already been deleted. To handle this, rxrpc_destroy_all_calls() is modified to limit its output to the first ten calls still on the list, which eliminates the need for certain checks and allows a more straightforward deletion process.
The flaw could lead to improper management of RxRPC calls: reading call data may loop indefinitely, which could disrupt normal operation and the processing of RxRPC calls.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
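The difference between list_del_init() and list_del_rcu() that the description relies on, shown as an added userspace model (not kernel or RxRPC code): a reader is parked on a list entry when that entry is removed, then tries to walk on to the list head. The helper names, the three-entry list and the 1000-step cutoff are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified userspace model of the kernel list helpers: no memory barriers,
 * no RCU grace period. Helper names are this example's own. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h->prev = h; }
static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}
static void list_unlink(struct list_head *e) { e->next->prev = e->prev; e->prev->next = e->next; }

/* Like list_del_init(): unlink, then make the entry point at itself. */
static void del_init(struct list_head *e) { list_unlink(e); list_init(e); }

/* Like list_del_rcu(): unlink but keep ->next, so a reader standing on the
 * entry can still walk forward. NULL stands in for the kernel's ->prev poison. */
static void del_rcu(struct list_head *e) { list_unlink(e); e->prev = NULL; }

/* Reader resumes from pos. Returns steps taken to reach head, or -1 if head
 * is not reached within limit steps (this model's stand-in for "never"). */
static int resume_walk(const struct list_head *pos, const struct list_head *head, int limit)
{
    int steps = 0;
    while (pos != head) {
        if (steps++ == limit) return -1;
        pos = pos->next;
    }
    return steps;
}

/* Three constructed calls; the reader is parked on the second when it is removed. */
static int demo(int use_rcu)
{
    struct list_head head, calls[3];
    list_init(&head);
    for (int i = 0; i < 3; i++)
        list_add_tail(&calls[i], &head);
    if (use_rcu) del_rcu(&calls[1]); else del_init(&calls[1]);
    return resume_walk(&calls[1], &head, 1000);
}

int main(void)
{
    printf("list_del_init model: %d\nlist_del_rcu model: %d\n", demo(0), demo(1));
    return 0;
}
```

In the list_del_init() case the removed entry's next pointer refers back to the entry itself, so the walk never reaches the head; in the list_del_rcu() case the entry still points at the rest of the list and the walk terminates.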