Linux Kernel Net MLX5 Devcom Use-After-Free Vulnerability in Device Registration

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's net/mlx5 component, specifically in the device communication (devcom) registration path. The issue arises when the allocation of a private structure (priv) fails: the mlx5 driver automatically frees the priv, even though it may have been allocated by a different thread. Freeing a priv that another thread allocated and may still reference can lead to use-after-free bugs. The vulnerability affects the Linux kernel stable group.

Impact

The vulnerability could be exploited to create use-after-free conditions, potentially leading to memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by simulating a failure in the device communication allocation process within the mlx5 driver. This can be done by modifying the driver to force an allocation failure, while ensuring that the priv structure is still freed. This scenario creates a use-after-free condition, as the priv may be deallocated while still being referenced, leading to potential memory corruption.
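
The failure path described above, as an added user-space model that is not code from the mlx5 driver or from the upstream fix. All type and function names, the reference counter and the fault-injection switch are hypothetical, and the hardened variant assumes the rule that a failed registration leaves priv to whoever allocated it.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Simplified user-space model; all names are hypothetical, not mlx5 symbols. */
struct priv { int refs; bool freed; };  /* 'freed' is a tombstone standing in for kfree() */
struct comp { struct priv *priv; };

static bool force_alloc_failure;        /* fault-injection switch (constructed) */

static struct comp *comp_alloc(void)
{
    return force_alloc_failure ? NULL : calloc(1, sizeof(struct comp));
}

/* Pattern the advisory describes: on failure the callee frees a priv it does not own. */
struct comp *register_buggy(struct priv *p)
{
    struct comp *c = comp_alloc();
    if (!c) {
        p->freed = true;                /* released while other holders remain */
        return NULL;
    }
    p->refs++;
    c->priv = p;
    return c;
}

/* Hardened form (assumed ownership rule): a failed call leaves priv untouched. */
struct comp *register_fixed(struct priv *p)
{
    struct comp *c = comp_alloc();
    if (!c)
        return NULL;
    p->refs++;
    c->priv = p;
    return c;
}

/* True if priv was released although the thread that allocated it still holds a reference. */
bool dangling_after_failed_register(struct comp *(*reg)(struct priv *))
{
    struct priv p = { .refs = 1, .freed = false };  /* ref held by the allocating thread */
    force_alloc_failure = true;
    struct comp *c = reg(&p);
    force_alloc_failure = false;
    bool failed = (c == NULL);
    free(c);                            /* free(NULL) is a no-op on the failure path */
    return failed && p.freed && p.refs > 0;
}
```

The tombstone flag lets the check observe the premature release without dereferencing freed memory; in a real kernel test, forcing the same allocation failure under KASAN is what would surface the stale access.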

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.

Added: Dec 24, 2025, 12:52 PM
Updated: Dec 24, 2025, 12:52 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.