Linux Kernel Use-After-Free Vulnerability in ATM LEC Handling

A use-after-free vulnerability has been identified in the Linux kernel's ATM LEC (Logical Link Control) component. The issue arises in the 'lecd_attach' function, where an error path could leave a dangling pointer in the 'dev_lec' array. This vulnerability was discovered by syzbot during a fuzzing process. The problem can be exploited through the 'lane_ioctl' function, leading to a memory access error. The vulnerability has been addressed by adding a mutex to protect the 'dev_lec' array from concurrent modifications, particularly during attachment and multicast operations.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, where memory that has been freed is still accessed, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by invoking the 'lane_ioctl' function, which triggers the 'lecd_attach' function in the ATM LEC component. This process can be automated using a fuzzer, such as syzkaller, which is known to discover such vulnerabilities by sending random inputs to the kernel.

Remediation

Users should upgrade to the latest version of the Linux kernel where this vulnerability has been patched.