Linux Kernel fbnic Use-After-Free: NAPIs Not Unlinked from Queues on Error to Open

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's AF_XDP implementation for the fbnic driver. The issue arises when the NAPI (New API) pointer is not cleared from the queue after the device fails to open, so the queue still references the NAPI after it has been freed and a later access touches freed memory. The vulnerability was exposed during the queues.py test.

Impact

The flaw produces a use-after-free condition. This class of bug can commonly be exploited to execute arbitrary code or to cause a denial of service by crashing the system.

Reproduction

The vulnerability can be reproduced by running the queues.py test with a device that fails to open properly. This will result in the NAPI pointer being freed without being cleared from the queue, creating a use-after-free condition when the NAPI is accessed later.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.
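
The error path described above, as a simplified userspace C model added here for illustration (it is not fbnic or kernel code, and not the upstream patch). All names (model_open, model_stale_links, NUM_QUEUES) are hypothetical, and a `live` flag stands in for freed memory so the dangling queue links can be counted without touching freed memory.

```c
#include <stdio.h>

/* Hypothetical userspace model of the error path; not fbnic or kernel code. */
#define NUM_QUEUES 4

struct model_napi  { int live; };                 /* live == 0 models "freed" */
struct model_queue { struct model_napi *napi; };  /* queue -> NAPI link */
struct model_dev {
    struct model_napi  napi[NUM_QUEUES];
    struct model_queue rxq[NUM_QUEUES];
};

/* Open: set up and link NAPIs, then optionally fail a later step. */
int model_open(struct model_dev *d, int fail_late, int unlink_on_error)
{
    for (int i = 0; i < NUM_QUEUES; i++) {
        d->napi[i].live = 1;
        d->rxq[i].napi = &d->napi[i];
    }
    if (!fail_late)
        return 0;
    for (int i = 0; i < NUM_QUEUES; i++) {   /* error path: tear down */
        if (unlink_on_error)
            d->rxq[i].napi = NULL;           /* drop the queue's link first */
        d->napi[i].live = 0;                 /* models freeing the NAPI */
    }
    return -1;
}

/* Count queues still pointing at a torn-down NAPI (dangling links). */
int model_stale_links(const struct model_dev *d)
{
    int stale = 0;
    for (int i = 0; i < NUM_QUEUES; i++)
        if (d->rxq[i].napi && !d->rxq[i].napi->live)
            stale++;
    return stale;
}

int main(void)
{
    struct model_dev before = {0}, after = {0};
    model_open(&before, 1, 0);   /* failed open, links left in place */
    model_open(&after, 1, 1);    /* failed open, links cleared */
    printf("stale links: %d before, %d after\n",
           model_stale_links(&before), model_stale_links(&after));
    return 0;
}
```

In the model, a failed open that skips the unlink leaves every queue pointing at a torn-down NAPI, which is the state a later lookup through the queue would dereference.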

Added: Aug 19, 2025, 6:37 PM
Updated: Aug 19, 2025, 6:37 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.