Linux Kernel IPC Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Inter-Process Communication (IPC) subsystem. The issue arises because the 'idr_for_each()' function, which is used to iterate over IDR (Integer Double-Ended Queue) entries, is not properly protected by a Read-Copy Update (RCU) read-critical region. This lack of protection can lead to a race condition where memory is freed while still being accessed, potentially allowing for the reading of invalid memory. The vulnerability has been addressed by ensuring that 'idr_for_each()' is called within an RCU read-critical region when destroying orphaned shared memory segments.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, allowing for the reading of freed memory, which could be manipulated to cause undefined behavior in the kernel, such as executing arbitrary code or causing a system crash.