Linux Kernel Mediatek MT8186 Audio Driver Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Mediatek MT8186 audio driver within the Linux kernel. This issue arises in the driver's removal process, where the order of operations can lead to freeing memory that is still in use. The problem occurs because the driver improperly manages its resources when using the 'devm' memory management functions. Specifically, during the initialization of the audio clock, the driver registers a clock resource and then calls several other 'devm' functions. When the driver is removed, it attempts to unregister the clock before freeing the associated resources, leading to a use-after-free condition. This vulnerability has been addressed by correcting the order of operations to ensure proper resource management.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Reproduction

The vulnerability can be reproduced by loading the Mediatek MT8186 audio driver, which improperly handles the initialization and deinitialization of audio clock resources. This mismanagement creates a use-after-free condition when the driver is removed, as it frees resources in the wrong order, potentially leading to memory corruption.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.