CVE-2023-54128

In the Linux kernel, a race condition exists in the mount peer group ID cleanup path. The vulnerability occurs when cleaning up peer group IDs in a failure scenario, where the code fails to hold the namespace lock [1]. Without this lock, another thread can concurrently change a mount from a shared to a non-shared type, leading to inconsistent state [1].

The attack requires local access to the system and the ability to trigger the specific failure path in mount operations. An unprivileged user could potentially exploit this by racing mount system calls to manipulate the peer group IDs while the cleanup is in progress [1]. The namespace lock is meant to serialize such changes, so its absence creates a window of vulnerability.

An attacker successfully exploiting this race could corrupt mount sharing data structures, potentially leading to a denial of service (system crash or hang) or, in some cases, information disclosure if shared mount contents are improperly exposed [1]. The impact is primarily on system availability and integrity.

The fix has been applied in the upstream Linux kernel and is available from commit ddca03d97daa [1]. Users are advised to update their kernels to include this patch. No workaround is available other than applying the kernel update.