Linux Kernel Block Subsystem Use-After-Free Vulnerability in BFQ I/O Scheduler

Vulnerability

A use-after-free vulnerability has been identified in the BFQ I/O scheduler of the Linux kernel's block subsystem. Present in version 6.6, it is a slab-use-after-free condition: memory that has already been freed is accessed, potentially leading to memory corruption or arbitrary code execution. The issue arises in the 'bfq_init_rq' function when handling request queues, and can be triggered by certain I/O operations, such as those performed by the 'fsstress' workload.

Impact

Exploitation of this vulnerability can lead to memory corruption, allowing for arbitrary code execution or other unintended behavior in the kernel.

Reproduction

The vulnerability can be reproduced by using the 'fsstress' tool, which generates file system I/O stress. This workload triggers the BFQ I/O scheduler to manage request queues, exposing the use-after-free condition in the process.
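
To check whether a host matches the conditions described above (a 6.6 kernel with BFQ as the active scheduler), the following added example, which is not part of the original advisory, reads the active scheduler of each block device from sysfs. Treating every 6.6.x release as the version the advisory names is an assumption, since the advisory gives no fixed version; the function names are illustrative.

```shell
#!/bin/sh
# Added example: find block devices whose active I/O scheduler is BFQ.
# The kernel lists schedulers in /sys/block/<dev>/queue/scheduler and marks
# the active one with square brackets, e.g. "mq-deadline kyber [bfq] none".

# active_scheduler FILE: print the bracketed (active) scheduler name, if any.
active_scheduler() {
    sed -n 's/.*\[\([^]]*\)].*/\1/p' "$1" 2>/dev/null
}

# bfq_devices [SYSFS_BLOCK_DIR]: print one device name per line.
bfq_devices() {
    root="${1:-/sys/block}"
    for f in "$root"/*/queue/scheduler; do
        [ -r "$f" ] || continue          # also skips an unmatched glob
        if [ "$(active_scheduler "$f")" = "bfq" ]; then
            dev="${f%/queue/scheduler}"
            echo "${dev##*/}"
        fi
    done
    return 0
}

# kernel_in_series RELEASE SERIES: succeed if RELEASE (uname -r form) belongs
# to SERIES. Assumption: "6.6", "6.6.N..." and "6.6-..." all count as 6.6.
kernel_in_series() {
    case "$1" in
        "$2"|"$2".*|"$2"-*) return 0 ;;
        *) return 1 ;;
    esac
}

# report [SYSFS_BLOCK_DIR] [RELEASE]: summarise exposure; always returns 0.
report() {
    rel="${2:-$(uname -r)}"
    devs="$(bfq_devices "${1:-/sys/block}")"
    if [ -z "$devs" ]; then
        echo "bfq is not the active scheduler on any block device"
    elif kernel_in_series "$rel" "6.6"; then
        echo "kernel $rel is in the 6.6 series and bfq is active on:" $devs
    else
        echo "bfq is active on:" $devs "(kernel $rel is outside the 6.6 series)"
    fi
    return 0
}

report "$@"
```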

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.