Linux Kernel Work Queue Vulnerability in Crypto API Instance Management

Vulnerability

A vulnerability in the Linux kernel's crypto API causes instances to be freed in the wrong execution context. When an instance is unregistered while it is still in use, it is freed in an atomic context instead of the required process context. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause instances in the crypto API to be improperly managed, potentially leading to use-after-free conditions or other memory management issues.

Reproduction

The vulnerability can be reproduced by registering a crypto instance and then unregistering it while it still has active users. The instance is then freed in an atomic context rather than in the process context it requires.

Remediation

The vulnerability has been addressed by modifying the instance management to use a work queue, ensuring that instances are freed in the correct process context. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
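The deferral pattern described above, as an added userspace C model (not the kernel patch and not code from this page): the last reference is dropped in a simulated atomic context, once with an inline free and once with the free handed to a queue that is drained in process context. All names (`inst`, `put_inline`, `put_deferred`, `run_worker`, `scenario`) are hypothetical.

```c
/* Userspace model of the fix; all names are hypothetical, not kernel API. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
static bool in_atomic;             /* models "running in atomic context" */
static int bad_frees, good_frees;  /* frees seen in atomic / process context */
struct work { struct work *next; void (*fn)(struct work *); };
static struct work *pending;       /* models the work queue */
struct inst { struct work free_work; int refcnt; };  /* work item is first */

/* Teardown is only legal in process context; record where it really ran. */
static void inst_destroy(struct inst *i)
{
    if (in_atomic) bad_frees++; else good_frees++;
    free(i);
}
static void inst_free_workfn(struct work *w) { inst_destroy((struct inst *)w); }

/* Before the fix: the final put frees inline, in the caller's context. */
static void put_inline(struct inst *i) { if (--i->refcnt == 0) inst_destroy(i); }
/* After the fix: the final put only queues work; a worker frees later. */
static void put_deferred(struct inst *i)
{
    if (--i->refcnt) return;
    i->free_work = (struct work){ pending, inst_free_workfn };
    pending = &i->free_work;
}
static void run_worker(void)       /* drains the queue from process context */
{
    while (pending) { struct work *w = pending; pending = w->next; w->fn(w); }
}

/* Unregister with one user active, who then drops the last ref in atomic context. */
static int scenario(void (*put)(struct inst *))
{
    struct inst *i = calloc(1, sizeof(*i));
    if (!i) return -1;
    bad_frees = good_frees = 0;
    i->refcnt = 2;                 /* registration ref + one active user */
    put(i);                        /* unregister: instance stays alive */
    in_atomic = true;
    put(i);                        /* last user: refcount reaches zero */
    in_atomic = false;
    run_worker();
    return bad_frees;              /* number of frees that ran in atomic context */
}
int main(void)
{
    printf("inline: %d, deferred: %d\n", scenario(put_inline), scenario(put_deferred));
    return 0;
}
```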

Added: Dec 9, 2025, 1:45 AM
Updated: Dec 9, 2025, 1:45 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.