Linux Kernel EBUSY Handling Vulnerability in ESSIV Crypto Module Causes Use-After-Free

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's ESSIV crypto module. This issue arises because the ESSIV implementation only properly handles the EINPROGRESS return value, freeing associated data in all other cases. However, since the caller can specify MAY_BACKLOG, the module should also anticipate and correctly manage the EBUSY return value. Failure to do so can lead to backlogged requests inadvertently causing a use-after-free condition.

Impact

The resulting use-after-free may be exploited to execute arbitrary code or to cause a denial of service by crashing the system.

Reproduction

The condition is reached when a request sent to the ESSIV crypto module is backlogged, so that the EBUSY return value is reported for it. The module then improperly frees the associated data while the backlogged request is still outstanding, which triggers the use-after-free and creates a potential opportunity for exploitation.
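The return-code handling described under Vulnerability and the backlogged case described above, as a user-space C model added for illustration. It is not the kernel's code: every identifier is hypothetical, and returning -ENOSPC for a rejected request without MAY_BACKLOG is an assumption of the model.

```c
#include <errno.h>
#include <stdbool.h>

/* User-space model of the pattern; all names here are hypothetical. */
struct model_req {
    bool may_backlog;   /* caller set MAY_BACKLOG */
    bool queued;        /* inner cipher still holds the request */
    bool assoc_live;    /* associated data allocated and not yet freed */
    bool stale_access;  /* completion touched assoc after it was freed */
};

/* Full queue: a backlog-capable request is kept (-EBUSY), else rejected. */
static int inner_submit(struct model_req *r)
{
    r->queued = r->may_backlog;
    return r->queued ? -EBUSY : -ENOSPC;   /* -ENOSPC: model assumption */
}

/* Deferred completion: assoc is used, then released by the callback. */
static void inner_complete(struct model_req *r)
{
    if (!r->queued)
        return;
    if (!r->assoc_live)
        r->stale_access = true;   /* this is the use-after-free */
    r->assoc_live = false;
    r->queued = false;
}

/* handle_ebusy=false frees on everything except -EINPROGRESS (the flawed
 * check); handle_ebusy=true also leaves the data alone on -EBUSY. */
static int wrapper_submit(struct model_req *r, bool handle_ebusy)
{
    int err;
    r->assoc_live = true;
    err = inner_submit(r);
    if (err != -EINPROGRESS && !(handle_ebusy && err == -EBUSY))
        r->assoc_live = false;    /* freed in the submit path */
    return err;
}

/* Runs one request to completion; reports whether freed data was used. */
static bool stale_after_completion(bool may_backlog, bool handle_ebusy)
{
    struct model_req r = { .may_backlog = may_backlog };
    wrapper_submit(&r, handle_ebusy);
    inner_complete(&r);
    return r.stale_access;
}
```

Only the combination of a backlogged request and the check that ignores -EBUSY reports a stale access; a request rejected outright is still freed in the submit path in both variants.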

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the Linux kernel official website.

Added: Dec 24, 2025, 4:32 PM
Updated: Dec 24, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 1.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.