Linux Kernel usbnet Linkwatch Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's usbnet component, specifically within USB Ethernet drivers such as aqc111, asix_devices, ax88179_178a, ch9200, and smsc75xx. The issue arises when these drivers receive a link change interrupt just before disconnection, triggering a non-sleepable status callback that schedules a deferred kevent. This deferred work is processed after the network device has been unregistered, allowing operations on an unregistered device and potentially leading to a use-after-free condition.

Impact

Exploitation of this vulnerability causes a use-after-free condition in USB Ethernet drivers, allowing for potential memory corruption or arbitrary code execution.

Reproduction

To reproduce this vulnerability, connect a USB Ethernet device using one of the affected drivers. Initiate a link change interrupt just before disconnecting the device. The driver will schedule a link reset event, which is processed after the device has been unregistered, creating a use-after-free condition.

Remediation

Users can apply the latest patches available in the Linux kernel to address this vulnerability.