Linux Kernel I2C Core Double-Free Vulnerability in Device Unregistration

A use-after-free vulnerability has been identified in the Linux kernel's I2C core, specifically within the `i2c_unregister_device()` function. This issue arises from a double-free of the firmware node (fwnode) reference. The vulnerability was introduced in a previous commit that changed how fwnode references are managed during device unregistration. When an I2C client lacks a primary fwnode but has a software fwnode, the software fwnode is incorrectly treated as the primary node. This mismanagement leads to the software fwnode being freed twice, causing a reference count underflow and a subsequent use-after-free condition.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, where memory that has been freed is still accessible, potentially allowing for arbitrary code execution or other memory corruption issues.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.