Linux Kernel Elevator Management Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel, in the management of disk schedulers (elevators). The elevator is responsible for handling file system requests, and the issue is one of timing around the 'del_gendisk' function: when the elevator is disabled and the scheduler tags are freed in 'disk_release' or 'blk_cleanup_queue', that work can run after the tag_set is no longer valid, leading to a use-after-free condition. The vulnerability has been addressed by changing the order of operations: the elevator is now disabled and the scheduler tags are freed at the end of the 'del_gendisk' process, rather than in 'disk_release' or 'blk_cleanup_queue'. This adjustment ensures that the tag_set is still valid when the teardown runs and prevents the use-after-free scenario.
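The teardown ordering described above, as an added userspace model in C. This is not kernel code and not taken from the fix: the struct layouts, the `*_model` helpers and the `stale_derefs` counter are assumptions made for illustration, and the model records a stale access with a flag instead of actually freeing memory.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel objects (assumed layout). */
struct tag_set { bool alive; int sched_tags; };
struct queue   { struct tag_set *set; bool elevator_on; };

static int stale_derefs;  /* accesses to a tag_set the driver already dropped */

/* Disable the elevator and free scheduler tags; this needs the tag_set. */
static void elevator_exit_model(struct queue *q)
{
    if (!q->elevator_on)
        return;
    if (!q->set->alive)
        stale_derefs++;            /* in the kernel: use-after-free */
    else
        q->set->sched_tags = 0;    /* tags released while tag_set is valid */
    q->elevator_on = false;
}

/* File system requests stop here; the fixed order tears down the elevator now. */
static void del_gendisk_model(struct queue *q, bool fixed)
{
    if (fixed)
        elevator_exit_model(q);
}

/* Runs on the last disk reference; the old order did the teardown this late. */
static void disk_release_model(struct queue *q, bool fixed)
{
    if (!fixed)
        elevator_exit_model(q);
}

/* Returns the number of stale tag_set accesses for one teardown sequence. */
int run_teardown(bool fixed)
{
    struct tag_set set = { .alive = true, .sched_tags = 4 };
    struct queue q = { .set = &set, .elevator_on = true };

    stale_derefs = 0;
    del_gendisk_model(&q, fixed);
    set.alive = false;             /* assumed: driver drops its tag_set here */
    disk_release_model(&q, fixed);
    return stale_derefs;
}

int main(void)
{
    printf("old order: %d stale access(es)\n", run_teardown(false));
    printf("fixed order: %d stale access(es)\n", run_teardown(true));
    return 0;
}
```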

Impact

Exploitation of this vulnerability could lead to memory corruption issues, allowing for potential arbitrary code execution or other unintended behavior in the kernel.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.