Linux Kernel Use-After-Free Vulnerability in MRP Applicant Management

A use-after-free vulnerability has been identified in the Linux kernel's Management Relay Protocol (MRP) implementation. This issue arises because the protocol's timer management does not properly synchronize, allowing a timer to be restarted prematurely. As a result, a timer can be incorrectly modified, leading to a use-after-free condition. The vulnerability was reported by syzbot, which observed a crash related to this issue.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Reproduction

The vulnerability can be reproduced by initializing an MRP applicant and then uninitializing it without proper synchronization. This can be done by manually managing the applicant's lifecycle and triggering the periodic timer, which will attempt to access freed memory.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux documentation.