Linux Kernel SR-IOV Use-After-Free Vulnerability in SFC Driver

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's SFC network driver, specifically related to SR-IOV (Single Root I/O Virtualization) management. This vulnerability occurs when virtual functions (VFs) are disabled, leading to a premature release of memory that is still being accessed. The issue was detected by KFENCE, a kernel memory error detection tool, which reported a use-after-free read in the SR-IOV virtual switching function. The vulnerability arises because the pointer to the PCI device of the virtual function is read after it has been freed, creating a potential for memory corruption or exploitation.

Impact

Exploitation of this vulnerability can lead to memory corruption, allowing for potential arbitrary code execution or causing a kernel panic.

Reproduction

The vulnerability can be reproduced by first enabling SR-IOV on a network interface, then disabling it. This sequence of actions triggers the use-after-free condition, as the driver attempts to access memory that has already been released.
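
Because the issue surfaces as a KFENCE report, a test host's kernel log can be checked for it after SR-IOV has been enabled and disabled. The following is an added example, not code from the original page or from the kernel project: it scans kernel log text for KFENCE report headers and keeps those attributed to the sfc module. The sample log, its function names and its addresses are constructed placeholders, and the header layout is assumed to follow the usual "BUG: KFENCE: <type> <access> in <symbol>" form.

```python
import re

# Header line of a KFENCE report in the kernel log, for example:
#   BUG: KFENCE: use-after-free read in some_func+0x82/0x170 [module]
# The trailing "[module]" is absent for symbols built into the kernel image.
KFENCE_HEADER = re.compile(
    r"BUG: KFENCE: (?P<kind>use-after-free|out-of-bounds|invalid) "
    r"(?P<access>read|write) in "
    r"(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+"
    r"(?: \[(?P<module>[\w-]+)\])?"
)

def find_kfence_reports(log_text, module=None, kind=None):
    """Return parsed KFENCE report headers, optionally filtered by module/kind."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = KFENCE_HEADER.search(line)
        if not m:
            continue
        report = m.groupdict()
        report["line"] = lineno  # 1-based position in the supplied log text
        if module is not None and report["module"] != module:
            continue
        if kind is not None and report["kind"] != kind:
            continue
        hits.append(report)
    return hits

# Constructed sample log: every symbol name and address is a placeholder.
SAMPLE_LOG = """\
[  101.000001] placeholder: unrelated kernel message
[  245.310442] ==================================================================
[  245.310450] BUG: KFENCE: use-after-free read in placeholder_vf_teardown+0x82/0x170 [sfc]
[  245.310461] Use-after-free read at 0x00000000deadbeef (in kfence-#12):
[  301.114200] BUG: KFENCE: out-of-bounds write in other_func+0x1c/0x40 [othermod]
[  302.000000] BUG: KFENCE: use-after-free read in core_func+0x10/0x20
"""

if __name__ == "__main__":
    for r in find_kfence_reports(SAMPLE_LOG, module="sfc", kind="use-after-free"):
        print(f"line {r['line']}: {r['kind']} {r['access']} "
              f"in {r['func']} [{r['module']}]")
```

KFENCE samples allocations, so a clean log after one enable/disable cycle does not show that the driver is unaffected.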

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.