Linux Kernel macsec Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's macsec implementation. This issue arises because a new macsec device is created without properly referencing the underlying real_dev, leading to a situation where real_dev may not be correctly freed after macsec is done. The vulnerability was introduced by changes that allowed out-of-order network device unregistration, which, combined with improper management of device references, created the use-after-free condition. Exploitation of this vulnerability could potentially be leveraged to manipulate memory, leading to undefined behavior or memory corruption.

Impact

Exploitation of this vulnerability causes a use-after-free condition, where memory that has already been freed is accessed again. This can lead to memory corruption, allowing for arbitrary code execution or causing a system crash.

Remediation

The vulnerability has been addressed in the Linux kernel by adding proper reference tracking for the macsec device. Users should upgrade to the latest version of the Linux kernel where this fix is applied.