Linux Kernel Double-Free Vulnerability in Kexec ELF Header Handling

Vulnerability

A double-free vulnerability has been identified in the Linux kernel's handling of ELF headers during the kexec process on x86 architectures. This issue arises because, after a previous fix for a memory leak in ELF header management, an unnecessary free operation was left in place. The error handling path in the 'crash_load_segments' function incorrectly attempts to free the ELF headers, which can lead to a double-free scenario. The error path should not clear the ELF headers, as a dedicated cleanup function will manage that later.
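The ownership mistake described above, as an added user-space model (not kernel code and not part of the original advisory): the names `struct image`, `load_segments`, `image_cleanup` and `release_headers` are hypothetical, and the release is counted rather than repeated so the faulty path can be observed safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the image state that owns the ELF header buffer. */
struct image {
    void *elf_headers;
};

static int release_count; /* releases of the header buffer in the current run */

/* Counts every release but calls free() only once, so the faulty path can be
 * observed without actually corrupting the heap. */
static void release_headers(void *p)
{
    if (p && release_count++ == 0)
        free(p);
}

/* Dedicated cleanup: the single owner of the header buffer's lifetime. */
static void image_cleanup(struct image *img)
{
    release_headers(img->elf_headers);
    img->elf_headers = NULL;
}

/* Hypothetical loader: allocates the headers, then a later step fails. */
static int load_segments(struct image *img, int free_in_error_path)
{
    img->elf_headers = malloc(64);
    if (!img->elf_headers)
        return -1;
    /* ... a later step fails here ... */
    if (free_in_error_path)
        release_headers(img->elf_headers); /* leftover free, pointer left stale */
    return -1;
}

/* Releases seen for one failed load followed by the dedicated cleanup. */
static int releases_after_failed_load(int free_in_error_path)
{
    struct image img = { NULL };
    release_count = 0;
    if (load_segments(&img, free_in_error_path) != 0)
        image_cleanup(&img);
    return release_count;
}

int main(void)
{
    printf("error path frees:  %d releases\n", releases_after_failed_load(1));
    printf("error path leaves: %d releases\n", releases_after_failed_load(0));
    return 0;
}
```

A release count of 2 for a single allocation is the double free; leaving the buffer to the cleanup function brings it back to 1.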

Impact

Triggering this vulnerability results in a double-free condition, which may be exploited to cause memory corruption.

Reproduction

The vulnerability can be reproduced by loading a kernel image that includes ELF headers via the kexec mechanism. During the segment loading process, the 'crash_load_segments' function will be called, where the vulnerability can be triggered by the erroneous double-free of the ELF header buffer.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Dec 24, 2025, 2:39 PM
Updated: Dec 24, 2025, 2:39 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.