Linux Kernel CXL Driver Use-After-Free Vulnerability in ACPI Subsystem

Vulnerability

A use-after-free vulnerability has been identified in the CXL driver of the Linux kernel, specifically within the ACPI subsystem. In the failure path of 'cxl_decoder_add()', 'put_device()' is called and releases a device reference, but the device is accessed again afterwards, which can corrupt memory. KASAN and KFENCE detected the issue, reporting a slab-use-after-free error in the 'cxl_parse_cfmws()' function.
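
The ordering problem described above, modelled in userspace C as an added example (not the kernel's code and not the upstream patch): the final put marks the object released, and a checked accessor counts reads after release in place of a KASAN report. The names struct dev, put_dev, dev_name_checked, parse_buggy and parse_fixed are hypothetical, and the log read after the put is an assumed stand-in for the later access.

```c
/* Userspace model of the bug class, not kernel code; all names are hypothetical. */
#include <stdio.h>
struct dev {
    int refcount;        /* models the struct device reference count */
    int alive;           /* cleared by the final put; stands in for freed memory */
    char name[16];
};
static int uaf_reports;  /* reads after release, as KASAN would flag them */

static void put_dev(struct dev *d)
{
    if (--d->refcount == 0)
        d->alive = 0;    /* the kernel would run the release callback here */
}

/* Checked accessor: records any read of a released object. */
static const char *dev_name_checked(const struct dev *d)
{
    uaf_reports += !d->alive;
    return d->alive ? d->name : "<freed>";
}

/* Buggy order: on a failed add (add_rc != 0), drop the last reference, then read. */
static int parse_buggy(struct dev *d, int add_rc)
{
    if (add_rc) {
        put_dev(d);
        fprintf(stderr, "add failed: %s\n", dev_name_checked(d));
    }
    return add_rc;
}

/* Fixed order: finish every access first, so put_dev() is the last touch. */
static int parse_fixed(struct dev *d, int add_rc)
{
    if (add_rc) {
        fprintf(stderr, "add failed: %s\n", dev_name_checked(d));
        put_dev(d);
    }
    return add_rc;
}

int main(void)
{
    struct dev a = { 1, 1, "decoder0.0" }, b = { 1, 1, "decoder0.1" };
    parse_buggy(&a, -1);
    parse_fixed(&b, -1);
    return uaf_reports == 1 ? 0 : 1;   /* only the buggy order is flagged */
}
```

Both paths return the same error and release the object exactly once; only the position of the put relative to the last read differs.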

Impact

Exploitation of this vulnerability can lead to memory corruption, which may be leveraged to execute arbitrary code or cause a denial-of-service condition by crashing the system.

Reproduction

To reproduce this vulnerability, trigger a failure in the 'cxl_decoder_add()' function while the CXL driver is active. This can be done by manipulating the conditions under which the decoder is added, causing the function to fail and inadvertently create a use-after-free scenario. The KASAN and KFENCE tools will then report the use-after-free error, indicating that the vulnerability has been successfully reproduced.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the kernel can be found in the official Linux documentation.

Added: Oct 1, 2025, 2:22 PM
Updated: Oct 1, 2025, 2:22 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 5.0
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.