Linux Kernel SCSI IMM Driver Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's SCSI IMM driver. This issue arises when the IMM parallel port SCSI host adapter is detached, leading to the deallocation of the associated device instance. However, if there are pending or executing delayed work items at that time, the work function can access freed memory, causing a use-after-free condition. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, allowing for potential memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by attaching a SCSI device using the IMM parallel port SCSI host adapter, then detaching the adapter while a SCSI command is still being processed. This can be done by manually scheduling a SCSI command and then initiating the detach process before the command has finished, causing the delayed work to access freed memory.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.