Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's PowerPC pSeries VAS (Virtual Address Space) implementation. When a 'paste' address is mapped, the corresponding VMA (Virtual Memory Area) address is stored in the VAS window structure. During migration, this stored VMA is used to unmap the paste address if the window is active, so it is supposed to be kept up to date. However, the stored VMA is not updated when a 'munmap' operation is performed, which leads to invalid memory access during migration. The issue was highlighted by a KASAN (Kernel Address Sanitizer) report documenting a slab-use-after-free error in the 'reconfig_close_windows' function, triggered by the 'drmgr' task.
Exploitation of this vulnerability causes a use-after-free condition, leading to a slab memory corruption issue. This type of vulnerability can often be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the system.
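The mmap, munmap, migration sequence described above, as an added user-space model (not kernel code and not the upstream patch). All names are hypothetical, a `live` flag stands in for slab allocation state so nothing freed is ever dereferenced, and clearing the stored pointer in an unmap hook is an assumed remediation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only: every name here is hypothetical, not a kernel symbol. */
struct model_vma { bool live; unsigned long start; };        /* live=false models a freed slab object */
struct model_window { bool active; struct model_vma *vma; }; /* back-pointer saved at mmap time */

static struct model_vma slab[4]; /* stand-in for the VMA slab cache */

/* mmap of the paste address: allocate a VMA and remember it in the window. */
static struct model_vma *paste_mmap(struct model_window *w, unsigned long addr) {
    for (size_t i = 0; i < 4; i++)
        if (!slab[i].live) {
            slab[i] = (struct model_vma){ .live = true, .start = addr };
            w->vma = &slab[i];
            return w->vma;
        }
    return NULL;
}

/* munmap frees the VMA. clear_backref=false leaves the window holding a stale
 * pointer (the flaw described above); true models an unmap hook that clears it. */
static void paste_munmap(struct model_window *w, struct model_vma *v, bool clear_backref) {
    v->live = false;
    if (clear_backref && w->vma == v)
        w->vma = NULL;
}

/* Migration path. Returns 0 = nothing to unmap, 1 = unmapped a live VMA,
 * -1 = stored pointer refers to a freed VMA (the access KASAN would flag). */
static int migrate_close_window(struct model_window *w) {
    if (!w->active || !w->vma) return 0;
    if (!w->vma->live) return -1; /* the model checks state instead of touching freed memory */
    w->vma->live = false;
    w->vma = NULL;
    return 1;
}

/* Run mmap -> munmap -> migration and report what migration sees. */
static int scenario(bool clear_backref) {
    struct model_window w = { .active = true, .vma = NULL };
    struct model_vma *v = paste_mmap(&w, 0x7000UL); /* constructed sample address */
    if (!v) return -2;
    paste_munmap(&w, v, clear_backref);
    return migrate_close_window(&w);
}

int main(void) {
    printf("stale back-pointer: %d\n", scenario(false));
    printf("cleared on munmap:  %d\n", scenario(true));
    return 0;
}
```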