Linux Kernel MOST USB Subsystem Double Free Vulnerability

Vulnerability

A vulnerability in the Linux kernel's USB driver for the MOST subsystem has been addressed. This issue arose from a non-standard registration function that improperly managed memory, leading to double free errors and use-after-free conditions, particularly during late probe failures. The vulnerability was linked to recent changes that exacerbated existing reference management issues within the USB driver.
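The ownership confusion described above, as an added example that is not the kernel's code or the actual fix. It is a constructed userspace model with hypothetical names (`iface_register`, `iface_deregister`, `probe`), and it assumes the registration helpers free the object themselves. "Freeing" only increments a counter, so the double free can be observed safely.

```c
#include <stdio.h>

/* Constructed userspace model, not kernel code: "freeing" only bumps a
 * counter so a double free is observable without corrupting memory. */
struct iface { int registered; int frees; };
static void iface_free(struct iface *i) { i->frees++; }

/* owning=1: assumed non-standard contract, the helper frees the object
 * on failure and on deregistration. owning=0: the caller keeps ownership. */
static int iface_register(struct iface *i, int owning, int fail)
{
    if (fail && owning) iface_free(i);
    if (fail) return -1;
    i->registered = 1;
    return 0;
}

static void iface_deregister(struct iface *i, int owning)
{
    i->registered = 0;
    if (owning) iface_free(i);
}

/* Probe whose error path frees on exit; late_fail models a step that
 * fails after registration has already succeeded. */
static int probe(struct iface *i, int owning, int reg_fail, int late_fail)
{
    if (iface_register(i, owning, reg_fail)) goto err_free;
    if (late_fail) {
        iface_deregister(i, owning);
        goto err_free;
    }
    return 0;
err_free:
    iface_free(i);   /* second free whenever the helper already freed */
    return -1;
}

static int frees_after(int owning, int reg_fail, int late_fail)
{
    struct iface i = {0, 0};
    probe(&i, owning, reg_fail, late_fail);
    return i.frees;
}

int main(void)
{
    printf("late failure frees: owning=%d plain=%d\n", frees_after(1, 0, 1), frees_after(0, 0, 1));
    return 0;
}
```

With the owning helpers every failure path frees the object twice; when the helpers never free, the probe error path is the single point of release.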

Impact

The vulnerability could be exploited to cause memory corruption through double free errors, potentially leading to arbitrary code execution or other memory-related vulnerabilities.

Reproduction

The vulnerability can be reproduced by using a USB device that interfaces with the MOST subsystem, particularly one that triggers late probe failures. The improper memory management will result in double free errors and use-after-free conditions, which can be exploited to cause memory corruption.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 16, 2025, 6:33 PM
Updated: Dec 16, 2025, 6:33 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.