Linux Kernel ax25 Incorrect Device Tracker Reference Vulnerability

Vulnerability

A vulnerability in the Linux kernel's ax25 protocol implementation has been addressed. The issue arose from improper management of device reference tracking, which can lead to warnings about references being released too early. This vulnerability was discovered while investigating a separate issue with the rose protocol, and it affects ax25 devices that can be used by one or more ax25 control blocks. The problem was related to the net device reference count tracker, which, when enabled, revealed the ax25 issue.

Impact

The vulnerability could lead to a use-after-free condition, in which an object is accessed after the reference protecting it has been released, potentially causing memory corruption or other unintended behavior.

Reproduction

The vulnerability can be reproduced by enabling the net device reference count tracker in the Linux kernel. Once this feature is activated, the ax25 issue can be observed, as the incorrect handling of device references will trigger a warning about a reference being released prematurely. This warning indicates that the reference was freed while it was still in use, creating a potential use-after-free vulnerability.
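To show why a tracker reports a reference as already released when one device is used by several control blocks, here is an added userspace model in C; it is not kernel code and not taken from the fix. It assumes the mismatch takes the form of several holders sharing one tracker handle, and every name in it is hypothetical.

```c
/* Simplified userspace model of reference tracking (hypothetical names, not kernel code). */
#include <stdbool.h>
#include <stdio.h>
#define MAX_TRACKED 8

struct tracker { int slot; };      /* handle for one tracked hold */
struct device {
    int  refcnt;
    bool live[MAX_TRACKED];        /* tracked holds still outstanding */
    int  warnings;                 /* "reference already released" reports */
};

static void dev_hold_tracked(struct device *d, struct tracker *t)
{
    d->refcnt++;
    for (int i = 0; i < MAX_TRACKED; i++)
        if (!d->live[i]) { d->live[i] = true; t->slot = i; return; }
}

static void dev_put_tracked(struct device *d, struct tracker *t)
{
    if (d->live[t->slot])
        d->live[t->slot] = false;
    else
        d->warnings++;             /* handle points at a hold that is already gone */
    d->refcnt--;
}

/* Take and drop `holders` references; returns warnings, *stale = holds never untracked. */
static int simulate(int holders, bool per_holder, int *stale)
{
    struct device dev = {0};
    struct tracker shared = {0}, own[MAX_TRACKED] = {{0}};
    if (holders > MAX_TRACKED) holders = MAX_TRACKED;
    for (int i = 0; i < holders; i++)   /* assumed: the shared handle is overwritten */
        dev_hold_tracked(&dev, per_holder ? &own[i] : &shared);
    for (int i = 0; i < holders; i++)
        dev_put_tracked(&dev, per_holder ? &own[i] : &shared);
    *stale = 0;
    for (int i = 0; i < MAX_TRACKED; i++)
        *stale += dev.live[i];
    return dev.warnings;
}

int main(void)
{
    int s1, s2, w1 = simulate(3, false, &s1), w2 = simulate(3, true, &s2);
    printf("shared handle:      warnings=%d stale=%d\n", w1, s1);
    printf("per-holder handles: warnings=%d stale=%d\n", w2, s2);
    return 0;
}
```

In the model the plain counter stays balanced in both runs; only the tracker bookkeeping exposes the mismatch, which matches the page's point that the issue became visible once tracking was enabled.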

Remediation

Users should update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Jun 18, 2025, 3:10 PM
Updated: Jun 18, 2025, 3:10 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.