Linux Kernel RDMA/rxe Slab-Use-After-Free Vulnerability

A slab-use-after-free vulnerability has been identified in the Linux kernel's RDMA/rxe component. This issue arises when a net device is freed while an asynchronous work event is still queued to access it, leading to a use-after-free condition. The vulnerability was discovered during the execution of a workqueue task that processed a cached event for an Infiniband device, after the associated net device had already been unregistered and freed. This flaw allows for memory corruption, which could potentially be exploited to execute arbitrary code or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a slab-use-after-free condition, causing memory corruption that could be exploited to execute arbitrary code or create a denial-of-service situation.

Reproduction

The vulnerability can be reproduced by sending an 'ib_cache_event_task' event that is processed after the associated net device has been freed. This can be done by queuing the event in the Infiniband workqueue, then unregistering the net device before the event is processed, which triggers the use-after-free condition.