Linux Kernel Double Free Vulnerability in Page Pool Management

A double free vulnerability has been identified in the Linux kernel's network library, specifically within the page pool management. The issue arises in the 'libwx' component, where the 'page_pool_put_full_page()' function is redundantly called. This function should only be used when freeing receive buffers or constructing a socket buffer (skb) if the size is insufficient. At other times, the pages should be reused. The unnecessary double free of pages leads to a kernel panic, causing a system crash.

Impact

Exploitation of this vulnerability causes a kernel panic, leading to a system crash.

Reproduction

The vulnerability can be reproduced by triggering the conditions under which 'page_pool_put_full_page()' is called redundantly, causing a double free of memory pages. This can be done by manipulating network receive buffers or socket buffer sizes in a way that exploits the incorrect page pool management.