Linux Kernel iMON Driver Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's iMON driver, specifically in versions prior to the latest stable release. The issue arises because the driver improperly manages the reference count of the usb_device when disconnecting from an interface. This mismanagement can lead to a use-after-free condition, where the driver attempts to access a usb_device that has already been freed, potentially causing memory corruption or allowing for arbitrary code execution.

Impact

Exploitation triggers the use-after-free: the driver accesses a memory location that has already been freed, which can corrupt memory or potentially allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced by writing to a virtual file descriptor associated with an iMON device while simultaneously disconnecting the device. This can be done with a tool such as syzkaller, which can automate sending write requests to the device while it is being disconnected.
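
The lifetime problem described under Vulnerability and the write-during-disconnect scenario above, as an added example that is not code from the kernel or from this advisory: a user-space C model with hypothetical names, in which a flag stands in for freeing the device. It compares a driver context that stores the device pointer without taking a reference against one that holds a reference until the last close.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed user-space model; all names are hypothetical, not the driver's. */
struct model_dev { int refs; bool freed; };        /* stands in for usb_device */
struct model_ctx { struct model_dev *dev; bool holds_ref; };
struct outcome { int write_rc; bool freed_at_close; };

static void dev_get(struct model_dev *d) { d->refs++; }
/* Marks the device freed instead of calling free(), so the model stays safe. */
static void dev_put(struct model_dev *d) { if (--d->refs == 0) d->freed = true; }

/* Probe: the driver context keeps a pointer to the device. */
static void ctx_probe(struct model_ctx *c, struct model_dev *d, bool take_ref) {
    c->dev = d;
    c->holds_ref = take_ref;
    if (take_ref)
        dev_get(d);            /* kernel analogue: usb_get_dev() */
}

/* Write on a still-open fd: -1 means it would have touched freed memory. */
static int ctx_write(const struct model_ctx *c) { return c->dev->freed ? -1 : 0; }

/* Last close: only now may the context give up its reference. */
static void ctx_release(struct model_ctx *c) {
    if (c->holds_ref)
        dev_put(c->dev);       /* kernel analogue: usb_put_dev() */
    c->dev = NULL;
}

/* Open fd, disconnect the device, write, then close. */
struct outcome write_after_disconnect(bool take_ref) {
    struct model_dev dev = { .refs = 1, .freed = false };  /* bus core's reference */
    struct model_ctx ctx;
    struct outcome out;
    ctx_probe(&ctx, &dev, take_ref);
    dev_put(&dev);             /* disconnect: the core drops its reference */
    out.write_rc = ctx_write(&ctx);
    ctx_release(&ctx);
    out.freed_at_close = dev.freed;
    return out;
}

int main(void) {
    printf("no ref held: write rc=%d\n", write_after_disconnect(false).write_rc);
    printf("ref held:    write rc=%d\n", write_after_disconnect(true).write_rc);
    return 0;
}
```

In the model, the context that holds its own reference keeps the device alive across the disconnect, and the device is still released once the last user closes, so the reference is not leaked.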

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Oct 15, 2025, 8:30 AM
Updated: Oct 15, 2025, 11:30 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 7.5
exploitability: 4.3
remediation: 7.7
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.