Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's device-mapper (DM) thin provisioning target. It arises when the 'dm_resume()' and 'dm_destroy()' functions are executed concurrently. The vulnerability was detected by the Kernel Address Sanitizer (KASAN), which reported a write of size 8 at a specific memory address by the swapper task. It can be reproduced by creating a thin pool, suspending it, resuming it, and then removing it while the resume operation is still in progress.
The use-after-free condition may be exploited to execute arbitrary code or cause a denial of service by crashing the system.
To reproduce this vulnerability, create a thin pool using the 'dmsetup' command. Once the pool is created, suspend it with 'dmsetup suspend pool', then immediately resume it with 'dmsetup resume pool'. After resuming, use 'dmsetup remove_all' to remove the pool, which will trigger the vulnerability by causing a use-after-free condition.
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the documentation for your specific Linux distribution.
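To decide which hosts to update first, the following added example (not part of the original advisory or of any kernel tooling) lists active thin-pool devices from 'dmsetup table' output and extracts KASAN use-after-free write reports from kernel log text. The sample table, log lines, addresses and the symbols 'sample_timer_fn' and 'other_fn' are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage helpers for the dm-thin use-after-free (not advisory code).
# Both functions read text on stdin, so they work on live output or saved files:
#   dmsetup table | thin_pools
#   dmesg | kasan_uaf_writes

# Print names of devices whose table uses the thin-pool target.
# `dmsetup table` lines look like: <name>: <start> <length> <target> <args...>
thin_pools() {
    awk '$4 == "thin-pool" {
        n = $1; sub(/:$/, "", n)
        if (!seen[n]++) print n      # multi-segment tables repeat the name
    }'
}

# Print "<function> <size> <task>" for each KASAN use-after-free report whose
# access line is a write, the pattern described for this issue.
kasan_uaf_writes() {
    awk '
        /BUG: KASAN: [a-z-]*use-after-free in / {
            fn = $NF; sub(/\+.*/, "", fn)   # drop the +0x.../0x... offset
            pending = 1; next
        }
        pending && / of size [0-9]+ at addr / {
            if ($0 ~ /Write of size/) {
                for (i = 1; i < NF; i++) {
                    if ($i == "size") sz = $(i + 1)
                    if ($i == "task") task = $(i + 1)
                }
                print fn, sz, task
            }
            pending = 0
        }'
}

# Constructed sample input (device names, addresses and symbols are made up).
SAMPLE_TABLE='pool: 0 20971520 thin-pool 253:0 253:1 128 32768 1 skip_block_zeroing
thin1: 0 2097152 thin 253:2 1
root: 0 41943040 linear 8:2 2048'
SAMPLE_DMESG='[  812.100001] BUG: KASAN: use-after-free in sample_timer_fn+0x1a/0x2b
[  812.100002] Write of size 8 at addr ffff888000000000 by task swapper/0/0
[  900.000001] BUG: KASAN: use-after-free in other_fn+0x10/0x20
[  900.000002] Read of size 4 at addr ffff888000000100 by task kworker/1:1/42'

printf '%s\n' "$SAMPLE_TABLE" | thin_pools        # pool
printf '%s\n' "$SAMPLE_DMESG" | kasan_uaf_writes  # sample_timer_fn 8 swapper/0/0
```

A host that reports one or more thin pools is in scope for the kernel update; KASAN output appears only on kernels built with KASAN enabled, so an empty result from the log check does not show the host is unaffected.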