Linux Kernel Intel IAVF Driver Use-After-Free Vulnerability in NAPI Management

Vulnerability

A use-after-free vulnerability has been identified in the Intel IAVF driver of the Linux kernel. This issue arises in the management of NAPI (New API) structures, which are used for packet processing in network drivers. The vulnerability occurs because the driver adds NAPI structures for all allocated queue vectors but may remove them for only a portion before freeing the queue vectors. This leaves invalid pointers in the device's NAPI list, potentially leading to memory corruption or other unintended behavior.
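
The add-for-all, remove-for-some mismatch described above, as an added user-space model in C. It is not the driver's code or the upstream patch, and every name in it is hypothetical. It counts the list entries that would be left pointing at freed memory, and shows that removing every allocated vector before the free leaves none.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: names are hypothetical, not taken from the driver. */
struct napi_model {
    struct napi_model *next;        /* link in the device's NAPI list */
};

struct dev_model {
    struct napi_model *napi_list;   /* stands in for the device's NAPI list */
};

static void model_napi_add(struct dev_model *d, struct napi_model *n)
{
    n->next = d->napi_list;
    d->napi_list = n;
}

static void model_napi_del(struct dev_model *d, struct napi_model *n)
{
    struct napi_model **pp;

    for (pp = &d->napi_list; *pp; pp = &(*pp)->next)
        if (*pp == n) { *pp = n->next; n->next = NULL; return; }
}

/* Setup adds every allocated vector; teardown removes only the first
 * `removed` of them. Returns how many entries are still linked at the
 * moment the vector array is freed, i.e. how many pointers would dangle. */
static int stale_after_teardown(int allocated, int removed)
{
    struct dev_model dev = { NULL };
    struct napi_model *vec = calloc((size_t)allocated, sizeof(*vec));
    struct napi_model *n;
    int i, stale = 0;

    if (!vec)
        return -1;
    for (i = 0; i < allocated; i++)
        model_napi_add(&dev, &vec[i]);
    for (i = 0; i < removed && i < allocated; i++)
        model_napi_del(&dev, &vec[i]);
    for (n = dev.napi_list; n; n = n->next)
        stale++;                    /* counted before free(): no UAF here */
    free(vec);
    return stale;
}

int main(void)
{
    printf("4 allocated, 2 removed: %d stale\n", stale_after_teardown(4, 2));
    printf("4 allocated, 4 removed: %d stale\n", stale_after_teardown(4, 4));
    return 0;
}
```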

Impact

Exploitation of this vulnerability causes a use-after-free condition, where memory that has been freed is still accessed, leading to potential memory corruption.

Reproduction

The vulnerability can be reproduced by a script that manipulates the SR-IOV (Single Root I/O Virtualization) settings of a PCI device. The script allocates virtual functions, then deallocates them while simultaneously configuring network interfaces associated with the virtual functions. This process creates a race condition that triggers the use-after-free vulnerability in the IAVF driver.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been fixed. The patch is available in the Linux kernel stable tree.

Added: Oct 4, 2025, 5:42 PM
Updated: Oct 4, 2025, 5:42 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.