Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 6.0.0-rc7-next-20220930-04543, < 6.0.0-rc7-next-20221018-04543
A use-after-free vulnerability has been identified in the Linux kernel's MTD (Memory Technology Device) subsystem, specifically within the dynamic partitions code. The issue arises from a missing call to a reference count management function, which leaves the reference count unbalanced and can lead to memory being freed while still in use, potentially causing instability or exploitation opportunities. The vulnerability was introduced by an earlier commit that added support for dynamic partitions, and it affects the Linux kernel stable tree.
Exploitation of this vulnerability leads to a use-after-free condition, where memory is improperly managed, potentially allowing for arbitrary code execution or causing a system crash.
The vulnerability can be reproduced by creating dynamic MTD partitions on a device using the GPMI NAND controller. This process will trigger the unbalanced reference count management, leading to the use-after-free condition.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. The specific commit that addresses this issue is 12b58961de0bd88b3c7dfa5d21f6d67f4678b780.