Linux Kernel UBI Subsystem Use-After-Free Vulnerability in Wear-Leveling Management

Vulnerability

A use-after-free vulnerability has been identified in the wear-leveling management of the Linux kernel's UBI (Unsorted Block Images) subsystem. A wear-leveling entry can be freed during error handling and then accessed again later, leading to potential memory corruption. The vulnerability is present in the stable versions of the Linux kernel.

Impact

The use-after-free condition may be exploited to execute arbitrary code or to cause a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by triggering an error in the wear-leveling worker process, which will cause a wear-leveling entry to be freed. This freed entry can then be accessed again in the 'eraseblk_count_seq_show' function, creating a use-after-free condition. The UBI wear-leveling management can be monitored through a debugfs file that tracks the state of physical erase blocks, which can help in reproducing the vulnerability.
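The pattern described above, as an added userspace model that is not the kernel's code or the upstream patch. The entry layout, table, block number and counter values are constructed, and the `hardened` branch shows one general remedy for this class of bug (unpublishing the pointer before release), which is an assumption rather than the actual fix.

```c
/* Constructed userspace model of the pattern above; not kernel code. */
#include <stdio.h>
#include <stddef.h>
#define NPEBS 4                          /* constructed erase-block count */
struct wl_entry { int ec; int live; };   /* live == 0 models freed memory */
static struct wl_entry pool[NPEBS];      /* stands in for the allocator */
static struct wl_entry *lookup[NPEBS];   /* per-block table the reader walks */

/* Worker error path: releases the entry for block pnum. In a kernel this
 * and the reader would have to run under the same lock (assumption). */
static void worker_error_path(int pnum, int hardened)
{
    struct wl_entry *e = lookup[pnum];
    if (hardened)
        lookup[pnum] = NULL;             /* unpublish before releasing */
    e->live = 0;                         /* models the free */
}

/* Reader modelled on a debugfs show callback. Returns how many released
 * entries it was handed; sums the erase counters of the live ones. */
static int reader_stale_hits(int *ec_sum)
{
    int stale = 0;
    *ec_sum = 0;
    for (int i = 0; i < NPEBS; i++) {
        struct wl_entry *e = lookup[i];
        if (!e) continue;                /* slot cleared, nothing to read */
        if (!e->live) { stale++; continue; } /* a kernel reads freed memory here */
        *ec_sum += e->ec;
    }
    return stale;
}

int run_scenario(int hardened, int *ec_sum)
{
    for (int i = 0; i < NPEBS; i++) {    /* fresh table for each run */
        pool[i] = (struct wl_entry){ .ec = 10 + i, .live = 1 };
        lookup[i] = &pool[i];
    }
    worker_error_path(2, hardened);
    return reader_stale_hits(ec_sum);
}

int main(void)
{
    int s, v = run_scenario(0, &s), h = run_scenario(1, &s);
    printf("stale hits: vulnerable=%d hardened=%d\n", v, h);
    return 0;
}
```

The model flags the stale entry instead of dereferencing released memory, so it runs safely; in the kernel the same read is what a tool such as KASAN reports as a use-after-free.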

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.

Added: Dec 9, 2025, 4:39 PM
Updated: Dec 9, 2025, 4:39 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.