Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A double free vulnerability has been identified in the Linux kernel's OCFS2 file system component. The issue is in the 'user_cluster_connect()' function, where the error handling path frees memory that has already been released, which can lead to memory corruption. The vulnerability affects the stable versions of the Linux kernel.
Exploitation of this vulnerability could lead to memory corruption, potentially allowing for arbitrary code execution or causing a denial of service by crashing the system.
The vulnerability can be reproduced by invoking the 'user_cluster_connect()' function within the OCFS2 file system context. When an error occurs, the function 'user_cluster_disconnect()' is called, which frees the 'cc_private' connection data. However, the error handling logic then attempts to free the same data again, causing a double free condition. This can be simulated by forcing an error in the cluster connection process, such as by providing an invalid locking version, which triggers the error handling and the double free.
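The error path described above, as a userspace C model added here; it is not the kernel's code or the upstream patch. The struct and function names, the `version_ok` flag and the NULL-the-reference fix are assumptions for illustration, and releases are counted rather than performed so the repeated free is visible without corrupting memory.

```c
#include <stdio.h>
/* Userspace model, constructed for illustration; not the OCFS2 source. */
struct priv { int free_count; };            /* stands in for the cc_private data */
struct conn { struct priv *cc_private; };
/* Counts releases instead of freeing, so a repeated free is observable. */
static void model_free(struct priv *p) { if (p) p->free_count++; }

/* Disconnect releases the connection's private data. */
static void model_disconnect(struct conn *c) { model_free(c->cc_private); c->cc_private = NULL; }

/* Shape described on the page: disconnect frees, then cleanup frees again. */
static int connect_vulnerable(struct conn *c, struct priv *p, int version_ok)
{
    int rc = version_ok ? 0 : -1;           /* constructed failure trigger */
    c->cc_private = p;
    if (rc)
        model_disconnect(c);                /* first release */
    if (rc)
        model_free(p);                      /* second release, same object */
    return rc;
}

/* Hardened shape (an assumption): drop the local reference after disconnect. */
static int connect_fixed(struct conn *c, struct priv *p, int version_ok)
{
    int rc = version_ok ? 0 : -1;
    c->cc_private = p;
    if (rc) {
        model_disconnect(c);
        p = NULL;                           /* already released by disconnect */
    }
    if (rc)
        model_free(p);                      /* no-op on NULL */
    return rc;
}

/* Runs one variant and reports how many times the object was released. */
static int releases(int (*fn)(struct conn *, struct priv *, int), int version_ok)
{
    struct priv p = {0};
    struct conn c = {0};
    fn(&c, &p, version_ok);
    return p.free_count;
}

int main(void)
{
    printf("error path releases: vulnerable=%d fixed=%d\n", releases(connect_vulnerable, 0), releases(connect_fixed, 0));
    return 0;
}
```

A release count above one on the error path is the double free; both variants release nothing when the connection succeeds.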
Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.