Linux Kernel rfkill Event Handling Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Linux kernel's rfkill event handling. Userspace can generate an unlimited number of rfkill events, leading to potential memory exhaustion. This occurs when the system is configured to allow such behavior, and the generated events are not consumed from the rfkill file descriptor. The vulnerability affects the Linux kernel stable group.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the system to run out of memory.

Reproduction

The vulnerability can be reproduced by configuring the system to allow the creation of rfkill events from userspace. Once this is set up, an application or tool can generate rfkill events continuously without consuming them from the rfkill file descriptor. The event queue then grows unchecked, eventually exhausting memory.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable kernel to mitigate this issue.
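Because the queue only grows when events are left unread on an open rfkill file descriptor, it helps to know which processes hold one while the upgrade is pending. The script below is an added example, not part of the original advisory or the kernel fix; it assumes the rfkill device node is /dev/rfkill, a Linux /proc layout, and GNU stat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory of processes holding the rfkill device open.
# Assumptions: device node is /dev/rfkill, Linux procfs, GNU stat.
# Run as root to see the file descriptors of every process.

# rfkill_holders [PROC_ROOT] [DEVICE]
# Prints "pid comm open_fds" for each process with DEVICE open.
rfkill_holders() {
    proc_root=${1:-/proc}
    dev=${2:-/dev/rfkill}
    for piddir in "$proc_root"/[0-9]*; do
        [ -d "$piddir/fd" ] || continue
        count=0
        for fd in "$piddir"/fd/*; do
            [ -L "$fd" ] || continue
            # A process may exit mid-scan; skip fds that vanish.
            target=$(readlink "$fd" 2>/dev/null) || continue
            if [ "$target" = "$dev" ]; then
                count=$((count + 1))
            fi
        done
        if [ "$count" -gt 0 ]; then
            comm=$(cat "$piddir/comm" 2>/dev/null || echo '?')
            echo "${piddir##*/} $comm $count"
        fi
    done
}

# rfkill_dev_access [DEVICE]
# Prints "octal_mode owner:group" for DEVICE, or "absent" if missing.
# The mode and ownership decide which users can obtain an rfkill fd.
rfkill_dev_access() {
    dev=${1:-/dev/rfkill}
    if [ -e "$dev" ]; then
        stat -c '%a %U:%G' "$dev"
    else
        echo absent
    fi
}

echo "device access: $(rfkill_dev_access)"
echo "pid comm open_fds"
rfkill_holders
```

A holder that is not an expected rfkill consumer on the host, or one whose resident memory keeps climbing, is the process to examine first.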

Added: Apr 24, 2026, 3:31 PM
Updated: Apr 24, 2026, 3:31 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.