Linux Kernel IPMI User Message Limit Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's IPMI (Intelligent Platform Management Interface) subsystem has been addressed. The issue stemmed from improper management of user message limits, leading to incorrect message counting and a use-after-free condition. This vulnerability could potentially be exploited to cause memory corruption. The fix involves reorganizing the message handling process to improve safety and clarity, ensuring that reference counting and user message limits are accurately maintained.

Impact

The vulnerability could be exploited to create a use-after-free condition, potentially leading to memory corruption.

Reproduction

The vulnerability can be reproduced through the IPMI subsystem in the Linux kernel. The improper handling of user message limits is triggered by exceeding the maximum number of messages allowed per user, a limit that vulnerable versions do not properly enforce. Manipulating IPMI message handling so that it exceeds the allocated limits causes the use-after-free condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.

Added: Nov 12, 2025, 10:32 PM
Updated: Nov 12, 2025, 10:32 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.