Linux Kernel Use-After-Free Vulnerability in IBM Power Meter Driver

A use-after-free vulnerability has been identified in the Linux kernel's IBM power meter driver within the high/low store function. This issue arises because the function retrieves driver data without proper validation, creating a race condition. As a result, the sysfs callback can be triggered after the data structure has been freed, leading to a use-after-free scenario. The vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, which can commonly result in memory corruption and potentially allow for arbitrary code execution.

Reproduction

To reproduce this vulnerability, the IBM power meter driver must be loaded into the Linux kernel. Once the driver is active, a race condition can be created by invoking the sysfs callback for the high/low store function. This can be done by writing to the corresponding sysfs attribute, which will trigger the callback. If the timing is right, the callback can be called after the data structure has been freed, causing a use-after-free condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.