Linux Kernel NMI-Safety Vulnerability in Memory Management

A vulnerability has been identified in the Linux kernel's memory management subsystem, specifically within the slab allocator. This issue arises when the function 'get_from_any_partial()' is called in a Non-Maskable Interrupt (NMI) context. The problem stems from accessing 'current->mems_allowed_seq', which is a 'seqcount_spinlock_t' not safe for NMI operations. This can lead to an inconsistent lock state and potential deadlocks. The vulnerability affects Linux kernel versions through 6.19.0-rc5.

Impact

The vulnerability can cause deadlocks by creating an inconsistent lock state, where the NMI context interferes with normal locking mechanisms, potentially leading to a system hang or crash.

Reproduction

The vulnerability can be reproduced by invoking the 'get_from_any_partial()' function within an NMI context, which can be simulated using certain kernel testing frameworks or by causing a hardware interrupt that triggers an NMI. This will expose the vulnerability by accessing the 'current->mems_allowed_seq' in a manner that is not safe for NMI operations, leading to the described locking inconsistencies.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.