Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- 6946c726c3f4
A race condition vulnerability has been identified in the Linux kernel's hwmon ibmpex driver. This issue arises from a patch intended to fix a use-after-free problem, which inadvertently created a new race condition. The vulnerability exists in the stable group of the Linux kernel.
Exploitation of this vulnerability could lead to a use-after-free condition, causing a crash when a user space process reads a sensor file while the deletion process is active.
The vulnerability can be reproduced by removing a sensor attribute file while a user space process is reading from a sensor file, such as 'temp1_input'. This can be done by triggering the 'ibmpex_bmc_delete' function, which removes the sensor attributes, after initiating a read operation on the sensor file.
To address this vulnerability, revert the patch that introduced the issue and restore the original order of operations. The reverted patch can be re-applied later if a complete fix for the race condition is provided.