Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A race condition vulnerability has been identified in the NVMe over PCI driver of the Linux kernel. This issue arises when the interrupt management for NVMe queues is not properly synchronized, leading to an 'unbalanced enable' warning for interrupt request (IRQ) vectors. The vulnerability occurs because the IRQ vector can be changed by concurrent operations, causing the driver to attempt to enable an IRQ that was never disabled. This flaw has been addressed by modifying the IRQ handling to ensure that the same IRQ number is used for both disabling and enabling interrupts, thereby maintaining proper synchronization and avoiding warnings.
Exploitation of this vulnerability can lead to IRQ management warnings and potential disruptions in interrupt handling for NVMe devices, which may affect the performance and reliability of storage operations.
The vulnerability can be reproduced by initiating a poll operation on an NVMe queue while simultaneously disabling the associated PCI device. This can be done by triggering the 'nvme_reset_work' function, which disables the device and alters the IRQ vector, creating the race condition described above.
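To make the race and the fix concrete, here is an added user-space model of the IRQ bookkeeping the advisory describes. It is not the Linux kernel's nvme-pci code, and every name in it (sim_disable_irq, sim_enable_irq, sim_pci_irq_vector, poll_buggy, poll_fixed, struct sim_nvmeq) is a hypothetical stand-in. The per-IRQ "depth" counter is an assumption modelled on how the kernel tracks nested disable/enable calls: enabling an IRQ whose depth is already zero is the "unbalanced enable" condition. The buggy poll re-derives the IRQ number from the queue's vector for both the disable and the enable; a simulated concurrent reset changes the vector in between, so the enable lands on an IRQ that was never disabled. The fixed poll reads the IRQ number once and uses it for both calls, which is the change the advisory describes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not kernel code: number of simulated IRQ lines. */
#define SIM_MAX_IRQS 8

/* Simulated disable depth per IRQ (assumed analogue of the kernel's nesting
 * count): disable increments, enable decrements, enable at depth 0 warns. */
static int sim_irq_depth[SIM_MAX_IRQS];
static int sim_unbalanced_warnings;

/* Reset the simulated IRQ state between scenarios. */
static void sim_reset_irq_state(void)
{
    memset(sim_irq_depth, 0, sizeof(sim_irq_depth));
    sim_unbalanced_warnings = 0;
}

static void sim_disable_irq(int irq)
{
    sim_irq_depth[irq]++;
}

/* Returns false (and counts a warning) when the IRQ was not disabled first. */
static bool sim_enable_irq(int irq)
{
    if (sim_irq_depth[irq] == 0) {
        sim_unbalanced_warnings++;
        fprintf(stderr, "WARNING: unbalanced enable for IRQ %d\n", irq);
        return false;
    }
    sim_irq_depth[irq]--;
    return true;
}

/* Simulated NVMe queue: its completion-queue vector can be changed by a
 * concurrent reset (the advisory's nvme_reset_work disabling the device). */
struct sim_nvmeq {
    int cq_vector;
};

/* Stand-in for mapping a vector index to a Linux IRQ number. */
static int sim_pci_irq_vector(int vector)
{
    return vector;
}

/* Buggy pattern: the IRQ number is re-derived from q->cq_vector for both
 * calls. new_vector models a reset racing in between (-1 = no race). */
static bool poll_buggy(struct sim_nvmeq *q, int new_vector)
{
    sim_disable_irq(sim_pci_irq_vector(q->cq_vector));
    /* ... completion queue is polled here; concurrent reset changes vector ... */
    if (new_vector >= 0)
        q->cq_vector = new_vector;
    return sim_enable_irq(sim_pci_irq_vector(q->cq_vector));
}

/* Fixed pattern: read the IRQ number once and use the same value for both
 * the disable and the enable, so a vector change in between is harmless. */
static bool poll_fixed(struct sim_nvmeq *q, int new_vector)
{
    int irq = sim_pci_irq_vector(q->cq_vector);

    sim_disable_irq(irq);
    if (new_vector >= 0)
        q->cq_vector = new_vector;
    return sim_enable_irq(irq);
}

/* True when every simulated IRQ is back to depth 0 (no IRQ left disabled). */
static bool sim_all_irqs_balanced(void)
{
    for (int i = 0; i < SIM_MAX_IRQS; i++)
        if (sim_irq_depth[i] != 0)
            return false;
    return true;
}

static int sim_warning_count(void)
{
    return sim_unbalanced_warnings;
}

int main(void)
{
    struct sim_nvmeq q = { .cq_vector = 2 };

    sim_reset_irq_state();
    printf("buggy poll with racing reset: enable ok=%d, balanced=%d\n",
           poll_buggy(&q, 5), sim_all_irqs_balanced());

    sim_reset_irq_state();
    q.cq_vector = 2;
    printf("fixed poll with racing reset: enable ok=%d, balanced=%d\n",
           poll_fixed(&q, 5), sim_all_irqs_balanced());
    return 0;
}
```

Note that in the buggy scenario the original IRQ is also left disabled, which is the second half of the impact the advisory mentions: beyond the warning, the queue's real interrupt line stays masked until something else re-enables it.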
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.