Linux Kernel Coresight ETR Buffer Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Coresight component, specifically within the Event Trace Router (ETR) functionality. This issue arises when ETR is activated in 'CS_MODE_SYSFS'. If the buffer size is modified and ETR is re-enabled, the system's buffer will reference the newly allocated memory while deallocating the old memory. However, the ETR continues to reference the freed memory, leading to a use-after-free condition. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, potentially allowing for memory corruption or arbitrary code execution.

Reproduction

To reproduce this vulnerability, enable the Coresight ETR in 'CS_MODE_SYSFS' and then change the buffer size. When ETR is re-enabled, the old buffer is freed while the ETR still points to the now-freed memory, creating a use-after-free situation.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.