Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been addressed in the Linux kernel's crypto seqiv component. This issue arises because seqiv only properly handles the EINPROGRESS return value, freeing associated data in all other cases. However, when the caller specifies MAY_BACKLOG, seqiv must also anticipate EBUSY and manage it similarly. Failing to do so can lead to backlogged requests triggering the use-after-free condition.
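The return-value handling described above, as an added user-space model (not kernel code and not taken from the fix itself): `model_req`, `cleanup` and `run_request` are hypothetical names, and a "stale access" counter stands in for the point where the real code would touch freed memory.

```c
/* User-space model (constructed, not kernel code) of the seqiv return-value check. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct model_req {            /* hypothetical stand-in for an AEAD request */
    unsigned char *iv_copy;   /* per-request data the wrapper allocated */
    bool freed;               /* set once cleanup has released iv_copy */
    int stale_accesses;       /* times the async path found freed data */
};

/* Cleanup step: release per-request data unless the request is still pending. */
static void cleanup(struct model_req *r, int err, bool handle_ebusy)
{
    if (err == -EINPROGRESS || (handle_ebusy && err == -EBUSY))
        return;               /* still owned by the lower layer */
    if (r->freed) {           /* real code would touch freed memory here */
        r->stale_accesses++;
        return;
    }
    free(r->iv_copy);
    r->iv_copy = NULL;
    r->freed = true;
}

/* Submit one request whose lower layer answers `submit_err`, then, if it was
 * queued (EINPROGRESS or EBUSY), deliver the asynchronous completion (err 0).
 * Returns the number of accesses to already-freed data. */
int run_request(int submit_err, bool handle_ebusy)
{
    struct model_req r = { .iv_copy = malloc(16) };
    if (!r.iv_copy) return -1;

    cleanup(&r, submit_err, handle_ebusy);        /* synchronous return path */
    if (submit_err == -EINPROGRESS || submit_err == -EBUSY)
        cleanup(&r, 0, handle_ebusy);             /* later completion callback */
    return r.stale_accesses;
}

int main(void)
{
    printf("EINPROGRESS, old check: %d\n", run_request(-EINPROGRESS, false));
    printf("EBUSY, old check:       %d\n", run_request(-EBUSY, false));
    printf("EBUSY, fixed check:     %d\n", run_request(-EBUSY, true));
    return 0;
}
```

With the old check, only the EBUSY case reports a stale access; treating EBUSY like EINPROGRESS defers the free to the completion path.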
The resulting use-after-free condition may be exploited to execute arbitrary code or cause a denial-of-service.
The vulnerability can be reproduced by sending the seqiv component a request that has the MAY_BACKLOG flag set and is backlogged, so that it triggers a response with the EBUSY return value. This causes the seqiv component to improperly free data related to the request, creating a use-after-free condition.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.