Linux Kernel Use-After-Free Vulnerability in MD Layer

A use-after-free vulnerability has been identified in the Linux kernel's MD (multiple device) layer. This issue arises from a race condition where the 'del_gendisk' function is called multiple times, leading to a general protection fault. The vulnerability occurs when the 'rdev remove' path releases a mutex and the 'md stop' process, which has marked the device as deleted, calls 'del_gendisk' again. This flaw has been addressed by introducing a new flag, 'MD_DO_DELETE', to prevent the race condition.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, causing a general protection fault and potentially allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by removing a 'rdev' device while another process is stopping the 'md' device, creating a race condition that triggers the use-after-free vulnerability.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.