Linux Kernel SMC Prefix Match Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Socket Memory Control (SMC) implementation. The issue arises in the 'smc_clc_prfx_match' function, which is called by 'smc_listen_work' without proper protection under Read-Copy Update (RCU) or the Route Netlink (RTNL) lock. This oversight can lead to accessing a freed memory reference by using 'sk_dst_get(sk)->dev', potentially causing a use-after-free condition. The vulnerability has been addressed by modifying the function to use '__sk_dst_get()' and 'dst_dev_rcu()' instead, ensuring safer memory access.

Impact

Exploitation of this vulnerability could lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is '235f81045c008169cc4e1955b4a64e118eebe61b', which is available in the Linux kernel stable tree.