Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A vulnerability in the Linux kernel's handling of UNIX domain socket diagnostics has been addressed. The issue involved UNIX_DIAG_VFS data being read without the protection of the unix_state_lock, which could lead to unstable VFS data being reported. This vulnerability existed because UNIX diagnostic lookups hold a reference to the socket but not to the associated path. The unix_release_sock() function clears the path reference under the unix_state_lock and drops the reference after unlocking, creating a potential race condition with a concurrent diagnostic read. The vulnerability has been fixed by ensuring that the VFS data is read and stabilized while the lock is held, before the netlink attribute is emitted.
Exploitation of this vulnerability could lead to incorrect or unstable VFS data being reported for UNIX domain sockets, potentially causing issues in applications that rely on accurate socket diagnostics.
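The locking pattern described above, as a user-space C model. This is an added example, not kernel code and not the actual patch. Every model_* name is hypothetical, a pthread mutex stands in for unix_state_lock, and the inode and device values used with it are constructed.

```c
#include <pthread.h>
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-ins: the socket's path and the UNIX_DIAG_VFS payload. */
struct model_path { unsigned long ino; unsigned int dev; };
struct model_vfs  { unsigned long ino; unsigned int dev; };

struct model_sock {
    pthread_mutex_t state_lock;   /* stands in for unix_state_lock */
    struct model_path *path;      /* NULL once the socket has been released */
};

struct model_sock *model_sock_new(unsigned long ino, unsigned int dev)
{
    struct model_sock *sk = calloc(1, sizeof(*sk));
    if (!sk) return NULL;
    sk->path = malloc(sizeof(*sk->path));
    if (!sk->path) { free(sk); return NULL; }
    sk->path->ino = ino;
    sk->path->dev = dev;
    pthread_mutex_init(&sk->state_lock, NULL);
    return sk;
}

/* Release side as the advisory describes it: clear under the lock, drop after unlocking. */
void model_release(struct model_sock *sk)
{
    pthread_mutex_lock(&sk->state_lock);
    struct model_path *old = sk->path;
    sk->path = NULL;
    pthread_mutex_unlock(&sk->state_lock);
    free(old);   /* a reader that dereferences sk->path without the lock can race with this */
}

/* Diag side in the fixed shape: copy the fields while the lock is held, emit afterwards. */
bool model_diag_vfs(struct model_sock *sk, struct model_vfs *out)
{
    bool have = false;
    pthread_mutex_lock(&sk->state_lock);
    if (sk->path) {               /* non-NULL under the lock means release has not freed it yet */
        out->ino = sk->path->ino;
        out->dev = sk->path->dev;
        have = true;
    }
    pthread_mutex_unlock(&sk->state_lock);
    return have;                  /* caller builds the reply attribute from its private copy only */
}
```

Because the release side clears the pointer under the same lock before freeing, a reader that sees a non-NULL path while holding the lock is guaranteed the object is still alive for the duration of the copy.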