Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been fixed in the Linux kernel's Pressure Stall Information (PSI) monitoring mechanism. The bug was a race condition in which an epoll watcher on a cgroup pressure file could still reach memory that had already been freed, leading to potential instability or exploitation. The root cause was improper management of file references while cgroup pressure monitoring was being enabled and disabled.
Exploitation of this vulnerability could lead to a use-after-free condition, allowing for memory corruption or potentially arbitrary code execution.
To reproduce this vulnerability, open a cgroup pressure file and establish epoll monitoring. Then, disable the monitoring, which releases the PSI triggers and frees the associated private data. While the epoll reference is still held, re-enable the monitoring, which accesses the freed data, causing the use-after-free condition.
The vulnerability has been addressed by introducing a new function that safely manages references to kernfs open files, so that PSI trigger operations are no longer performed on a file that has already been released.