Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A use-after-free vulnerability has been identified in the Linux kernel's ixgbe network driver. The ixgbe adapter structure is embedded within the devlink instance, so freeing the devlink instance also frees the adapter. The vulnerability occurs when devlink_free() is called too early in the ixgbe_remove() function, while the driver still accesses the adapter. The problem was highlighted by a KASAN (Kernel Address Sanitizer) report, which indicated that a read of size 8 bytes was performed from a freed memory address, potentially allowing for memory corruption or exploitation.
The use-after-free condition may be exploited to execute arbitrary code or to cause a denial of service by crashing the system.
The vulnerability can be reproduced by removing a PCI device that uses the ixgbe driver. The ixgbe_remove() function will be called, which improperly frees the devlink resource before all driver operations are completed. This premature release can be observed as a use-after-free error in the KASAN report.
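The ordering problem described above, as an added user-space C model; it is not kernel code and not taken from the fix commit. All `model_` names, struct fields and sample values are hypothetical, and a liveness flag stands in for what KASAN tracks.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model, not kernel code; all names are hypothetical. */
struct model_adapter { unsigned long long hw_addr; int num_queues; };

struct model_devlink {
    bool live;                 /* false once model_devlink_free() has run */
    struct model_adapter priv; /* adapter embedded in the devlink block */
};

static struct model_devlink dl; /* static storage stands in for the heap block */
static int stale_reads;         /* adapter accesses made after the free */

static struct model_adapter *model_devlink_alloc(void) {
    memset(&dl, 0, sizeof(dl));
    dl.live = true;
    dl.priv.hw_addr = 0x1000;   /* constructed sample value */
    stale_reads = 0;
    return &dl.priv;
}

/* Releasing the devlink block releases the embedded adapter with it. */
static void model_devlink_free(void) {
    dl.live = false;
    memset(&dl.priv, 0xFB, sizeof(dl.priv)); /* poison released bytes (model only) */
}

/* A later teardown step that still needs the adapter (an 8-byte field read). */
static void model_teardown_step(const struct model_adapter *a) {
    if (!dl.live) { stale_reads++; return; } /* the kind of read KASAN reports */
    (void)a->hw_addr;
}

/* Ordering described in the advisory: free first, keep tearing down after. */
int model_remove_early_free(void) {
    struct model_adapter *a = model_devlink_alloc();
    model_devlink_free();
    model_teardown_step(a);
    return stale_reads;
}

/* Corrected ordering: finish every step that uses the adapter, free last. */
int model_remove_free_last(void) {
    struct model_adapter *a = model_devlink_alloc();
    model_teardown_step(a);
    model_devlink_free();
    return stale_reads;
}

int main(void) {
    printf("early free: %d stale read(s)\n", model_remove_early_free());
    printf("free last:  %d stale read(s)\n", model_remove_free_last());
    return 0;
}
```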
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is 5feef67b646d8f5064bac288e22204ffba2b9a4a.