Linux Kernel Use-After-Free Vulnerability in iSCSI TCP During Session Logout

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's iSCSI TCP implementation. It occurs during the logout process of an iSCSI session when another task accesses the 'shost ipaddress' attribute, and the resulting use-after-free condition can be exploited to cause memory corruption. The problem was reported and analyzed by Ding Hui.

Impact

Exploiting this vulnerability triggers the use-after-free condition and corrupts memory. Memory corruption of this kind can often be exploited to execute arbitrary code or to cause a denial-of-service condition by crashing the system.

Reproduction

The vulnerability can be reproduced by initiating an iSCSI session and then logging out while another task accesses the 'shost ipaddress' attribute. This sequence triggers the use-after-free condition, as the logout process frees the memory while it is still being accessed by the other task.
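The lifetime problem described above, as an added userspace model that is not kernel code and not the upstream patch: the attribute read and the logout path share one lock, and logout unpublishes the session pointer before freeing it, so a late read gets an error instead of touching freed memory. All names (model_host, model_session, model_login, model_get_ipaddress, model_logout) and the sample address are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for per-session state and the host exposing it. */
struct model_session { char ipaddress[46]; };
struct model_host {
    pthread_mutex_t lock;           /* serializes attribute reads vs. logout */
    struct model_session *session;  /* NULL once logout has run */
};

/* Login: allocate the session and publish it on the host. */
struct model_host *model_login(const char *ip)
{
    struct model_host *h = calloc(1, sizeof(*h));
    struct model_session *s = calloc(1, sizeof(*s));
    if (!h || !s) { free(h); free(s); return NULL; }
    pthread_mutex_init(&h->lock, NULL);
    snprintf(s->ipaddress, sizeof(s->ipaddress), "%s", ip);
    h->session = s;
    return h;
}

/* Attribute read: copy the address out while holding the lock, so the
 * session cannot be freed mid-read. Returns the length or -ENOTCONN. */
int model_get_ipaddress(struct model_host *h, char *buf, size_t len)
{
    int ret = -ENOTCONN;
    pthread_mutex_lock(&h->lock);
    if (h->session)
        ret = snprintf(buf, len, "%s", h->session->ipaddress);
    pthread_mutex_unlock(&h->lock);
    return ret;
}

/* Logout: unpublish the pointer under the lock, then free it. An unsafe
 * variant that frees without the lock leaves readers a dangling pointer. */
void model_logout(struct model_host *h)
{
    pthread_mutex_lock(&h->lock);
    struct model_session *s = h->session;
    h->session = NULL;
    pthread_mutex_unlock(&h->lock);
    free(s);
}
```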

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.