Linux Kernel Staging VME User Use-After-Free Vulnerability in TSI148 DMA List Add Function

A use-after-free vulnerability has been identified in the Linux kernel's staging area, specifically within the VME user driver. The issue arises in the TSI148 DMA list add function, where an entry's list is not properly removed before the entry is freed. This oversight can lead to a use-after-free condition during list traversal. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Reproduction

The vulnerability can be reproduced by adding a DMA entry to a list and then triggering an error that causes the function to exit without removing the entry from the list. This leaves the entry's list pointer dangling, as it has been freed but not removed from the list, creating a use-after-free condition when the list is traversed.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.