Linux Kernel XFRM Interface Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's XFRM interface management. This issue arises when the 'collect_md' property is improperly modified after the interface has been created, leading to a double free error when the network namespace is destroyed. The vulnerability is present in the XFRM subsystem, specifically within the interface management code.

Impact

Triggering this vulnerability crashes the kernel with a double free error, and the resulting memory corruption can potentially be exploited to execute arbitrary code in the kernel context.

Reproduction

The vulnerability can be reproduced by creating an XFRM interface with the 'collect_md' property set. Once the interface is established, attempt to change the 'collect_md' setting, which should trigger the vulnerability by causing a use-after-free condition. The result can be observed by monitoring the system for a kernel crash, which is logged as an 'Oops' message indicating an invalid opcode error, along with a stack trace showing the call sequence that led to the crash.
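To triage whether a logged crash matches the description above, this added example (not part of the original advisory or of the kernel project) scans kernel log lines for 'invalid opcode' Oops reports and flags those whose call trace contains a frame with a given symbol prefix. The `xfrmi_` prefix, the symbol names and the sample log are assumptions constructed for illustration.

```python
import re

# Assumption: frames from the XFRM interface code carry this symbol prefix.
SUSPECT_PREFIX = "xfrmi_"

STAMP_RE = re.compile(r"^\[\s*\d+\.\d+\]\s?")   # dmesg timestamp, e.g. "[  101.000001] "
OOPS_RE = re.compile(r"invalid opcode", re.IGNORECASE)
# A trace frame: optional "?" (unreliable frame), then symbol+0xoff/0xsize.
FRAME_RE = re.compile(r"^\s*\??\s*([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def find_suspect_oopses(lines, prefix=SUSPECT_PREFIX):
    """Return one dict per 'invalid opcode' Oops: header, frames, suspect flag."""
    reports, current, in_trace = [], None, False
    for raw in lines:
        line = STAMP_RE.sub("", raw.rstrip("\n"))
        if OOPS_RE.search(line):              # start of a new crash report
            current = {"header": line.strip(), "frames": [], "suspect": False}
            reports.append(current)
            in_trace = False
        elif current is None:
            continue                          # ordinary log line before any Oops
        elif line.strip().startswith("Call Trace:"):
            in_trace = True
        elif in_trace:
            m = FRAME_RE.match(line)
            if m:
                current["frames"].append(m.group(1))
                if m.group(1).startswith(prefix):
                    current["suspect"] = True
            elif line.strip() not in ("<TASK>", "</TASK>"):
                in_trace = False              # first non-frame line ends the trace
    return reports

# Constructed sample log; symbol names are placeholders, not real kernel output.
SAMPLE = """\
[  101.000001] Oops: invalid opcode: 0000 [#1] SMP
[  101.000002] Call Trace:
[  101.000003]  <TASK>
[  101.000004]  xfrmi_example_teardown+0x1a/0x40
[  101.000005]  netns_cleanup_example+0x2c/0x90
[  101.000006]  </TASK>
[  101.000007] Modules linked in: example
[  202.000001] invalid opcode: 0000 [#2] SMP
[  202.000002] Call Trace:
[  202.000003]  other_driver_example+0x5/0x30
[  202.000004] Modules linked in: example
"""

if __name__ == "__main__":
    for r in find_suspect_oopses(SAMPLE.splitlines()):
        print("SUSPECT" if r["suspect"] else "other  ", r["header"], r["frames"])
```

A match only narrows the search; confirm against the running kernel version before attributing a crash to this issue.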

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched kernel can be found on the official Linux kernel website.

Added: Aug 12, 2025, 4:34 PM
Updated: Aug 12, 2025, 4:34 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.