Linux Kernel Xilinx SOC Driver Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Xilinx SOC driver. The issue arises because the `hash_for_each_possible()` loop improperly manages the `eve_data` pointer, dereferencing it to access the next item in the list while simultaneously freeing it. This mismanagement leads to a use-after-free condition. The vulnerability affects the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Reproduction

The vulnerability can be reproduced by using the Xilinx event management driver in the Linux kernel. The issue occurs when the driver callbacks are managed, as the loop iterator used to traverse event data improperly frees the data while still in use, leading to a use-after-free scenario.

Remediation

The vulnerability has been fixed by replacing the unsafe loop iterator with a safe version that prevents the use-after-free condition. Users should upgrade to the patched version of the Linux kernel.