Linux Kernel Double Free Vulnerability in ALSA AC97 Controller Registration

A double free vulnerability has been identified in the Linux kernel's ALSA AC97 subsystem. The issue arises in the 'snd_ac97_controller_register' function, where improper management of device references can lead to memory corruption. Specifically, if 'ac97_add_adapter' fails, the device reference should be dropped using 'put_device()', but the current implementation incorrectly uses 'kfree()'. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a double free condition, which can cause memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by triggering a failure in the 'ac97_add_adapter' function while registering an AC97 controller. This can be done by manipulating the conditions that lead to a failure in adapter addition, causing the device reference to be incorrectly managed and creating a double free scenario.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version to mitigate this issue.