Linux Kernel Use-After-Free Vulnerability in Writeback Management

A use-after-free vulnerability has been identified in the Linux kernel's writeback management system. This issue arises in the `__mark_inode_dirty()` function, which improperly handles the `bdi_writeback` structure during a transition process, leading to potential memory access errors. The vulnerability was observed in Linux kernel version 6.6.56.

Impact

Exploitation of this vulnerability causes a use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by triggering a write operation on a file managed by the ext4 filesystem. This can be done by using a program that writes data to the file, such as a script that generates random data. The `systemd-random-seed` service, which writes random data to the filesystem, can be used to reproduce this vulnerability. The write operation will cause the `__mark_inode_dirty()` function to be called, during which the use-after-free condition will be triggered.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.