Linux Kernel Task Migration and Iteration Race Condition Vulnerability

A race condition vulnerability has been identified in the Linux kernel's cgroup management, specifically in versions through 5.2. This vulnerability arises during the migration of tasks between control groups, where an iterator can skip tasks due to a timing issue. When a task is moved to a different group, the iterator may advance incorrectly, causing some tasks to be missed. This issue can be reproduced by slowing down the process that reads the list of tasks in a group, creating a window where tasks can be unintentionally skipped.

Impact

Exploitation of this vulnerability can lead to incorrect task management, where tasks are skipped during iteration, potentially causing disruptions in process management and scheduling.

Reproduction

The vulnerability can be reproduced on an Android device by injecting a delay into the 'cgroup_procs_show()' function, which is responsible for listing tasks in a cgroup. After creating a test cgroup and moving several long-running tasks into it, the delayed task listing can be read. Within the delay window, migrating one of the tasks to a different cgroup can cause the iteration to skip over it, demonstrating the race condition.

Remediation

Users can upgrade to Linux kernel versions 5.2 and later, where this vulnerability has been addressed.