Linux Kernel Max96712 Module Use-After-Free Vulnerability Leading to Kernel Oops

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's staging media subsystem, specifically within the max96712 module. This issue occurs when the module is removed, leading to a kernel oops error. The problem arises because the v4l2_i2c_subdev_init() function overwrites a pointer, causing the wrong data to be passed to the v4l2_async_unregister_subdev() function during module removal. As a result, the kernel encounters a memory access violation, triggering a crash.
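The pointer mix-up described above, modeled in userspace C as an added example (not the kernel's or the driver's code). It assumes the overwritten pointer is the I2C client data slot and that the driver had stored its private structure there before subdev initialization; all struct and function names are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified userspace stand-ins (hypothetical names), not kernel definitions. */
struct model_subdev { int registered; };
struct model_client { void *clientdata; };
struct model_priv {
    void *regmap;              /* a member ahead of sd gives sd a nonzero offset */
    struct model_subdev sd;
};
struct model_result { size_t buggy_miss; int fixed_ok; };

/* Assumption: subdev init stores the subdev pointer in the client-data slot. */
void model_subdev_init(struct model_subdev *sd, struct model_client *c)
{
    sd->registered = 1;
    c->clientdata = sd;
}

void model_probe(struct model_client *c, struct model_priv *priv)
{
    c->clientdata = priv;             /* driver saves its private struct */
    model_subdev_init(&priv->sd, c);  /* slot now holds &priv->sd instead */
}

/* Buggy remove: reads the slot as priv, then takes the address of its sd member.
 * Kept as an integer so the model never dereferences the bad address. */
uintptr_t buggy_unregister_target(const struct model_client *c)
{
    return (uintptr_t)c->clientdata + offsetof(struct model_priv, sd);
}

/* Corrected remove: the slot holds the subdev, so step back to its container. */
struct model_priv *fixed_get_priv(const struct model_client *c)
{
    return (struct model_priv *)((char *)c->clientdata - offsetof(struct model_priv, sd));
}

/* Probe once, then compare what each remove path would operate on. */
struct model_result run_model(void)
{
    struct model_client c = { 0 };
    struct model_priv p = { 0 };
    struct model_result r;
    model_probe(&c, &p);
    r.buggy_miss = (size_t)(buggy_unregister_target(&c) - (uintptr_t)&p.sd);
    r.fixed_ok = fixed_get_priv(&c) == &p;
    return r;
}
```

In the model, the buggy path lands `offsetof(struct model_priv, sd)` bytes past the real subdev, which is the "wrong data" handed to the unregister call; the corrected path recovers the original private structure.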

Impact

The vulnerability causes a kernel oops, which is a serious error that can lead to a system crash. This type of error occurs when the kernel encounters an unexpected condition that it cannot handle, often due to invalid memory access.

Reproduction

To reproduce this vulnerability, load the max96712 module into the Linux kernel. Once the module is active, remove it using the rmmod command. Removing the module triggers the kernel oops, which confirms the vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.8
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.