Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's NFC subsystem. The issue arises because the logic in the NFC device registration process does not properly account for the timing of rfkill unregistration. As a result, the rfkill object can be accessed after it has been freed, leading to potential memory corruption. This vulnerability has been observed in Linux kernel version 5.18-rc2.
Exploitation of this vulnerability can lead to memory corruption, allowing for potential arbitrary code execution or escalation of privileges.
The vulnerability can be reproduced by registering an NFC device and then unregistering it while the associated rfkill object is still being referenced. This can be done using a fuzzing tool that sends rapid, automated commands to the NFC subsystem, creating a race condition that the kernel's memory management cannot handle properly.
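The ordering problem described above, reduced to a single-threaded userspace C model. This is an added example, not code from the kernel or from this page, and every struct, flag and function name in it is hypothetical. It assumes the request path gates on a single flag, and that in real concurrent code the flag update and the release are serialized by a lock the request path also holds.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model, not kernel code. "freed" stands in for kfree() so the
 * stale access is detected instead of triggering undefined behaviour. */
struct rfkill_model { bool freed; };
struct nfc_dev_model {
    bool registered;      /* cleared only at the end of teardown */
    bool shutting_down;   /* set first by the hardened teardown */
    struct rfkill_model *rfkill;
};
enum { OP_OK, OP_REFUSED, OP_STALE_ACCESS };

/* Request path: decides whether it may touch dev->rfkill. */
static int dev_up(const struct nfc_dev_model *dev, bool hardened)
{
    /* Weak gate: "still registered". Hardened gate: "teardown not started". */
    if (hardened ? dev->shutting_down : !dev->registered)
        return OP_REFUSED;
    if (dev->rfkill->freed)
        return OP_STALE_ACCESS;   /* real code would dereference freed memory */
    return OP_OK;
}

/* First teardown step: rfkill is unregistered and released. */
static void unregister_step1(struct nfc_dev_model *dev, bool hardened)
{
    if (hardened)
        dev->shutting_down = true;   /* publish teardown before releasing */
    dev->rfkill->freed = true;
}

/* Issue a request in the window between the two teardown steps. */
static int race_window_result(bool hardened)
{
    struct rfkill_model rk = { false };
    struct nfc_dev_model dev = { true, false, &rk };
    if (dev_up(&dev, hardened) != OP_OK)
        return -1;                   /* sanity: device works before teardown */
    unregister_step1(&dev, hardened);
    int during = dev_up(&dev, hardened);
    dev.registered = false;          /* second step: device leaves the registry */
    return during;
}

int main(void)
{
    printf("gate on registered: %d, gate on shutting_down: %d\n",
           race_window_result(false), race_window_result(true));
    return 0;
}
```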