Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's Octeon EP virtual function (VF) network driver can cause a use-after-free condition or a crash. This issue arises because the driver improperly manages interrupt request (IRQ) identifiers during error handling. When the driver requests MSI-X queue IRQs, it uses the I/O queue vector as the device ID. If this request fails partway, the rollback process frees the IRQ using a different device ID, which can leave the IRQ action registered. As a result, IRQ handlers may remain active while the I/O queue vector is later freed, leading to a use-after-free situation or a crash when an interrupt occurs.
This vulnerability can cause a use-after-free condition or a crash when an interrupt is processed, potentially leading to memory corruption or instability in the system.
Users can apply the patch available in the Linux kernel stable tree to address this vulnerability. The patch is included in the official Linux kernel repositories.
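The device-ID mismatch described above, as an added userspace model (not the driver's or the kernel's code). The action table, `other_cookie`, `struct ioq_vector` and all function names are hypothetical stand-ins that assume only what the description states: an IRQ action is released only when the same device ID used at request time is passed back.

```c
#include <stdio.h>
#define MAX_Q 8

/* Hypothetical stand-in for the driver's per-queue vector object. */
struct ioq_vector { int q_no; };
/* Toy model of registered IRQ actions, one slot per IRQ number. */
static struct action { void *dev_id; int used; } actions[MAX_Q];

/* Models an IRQ request; fail_irq simulates the request failing partway. */
static int model_request_irq(int irq, void *dev_id, int fail_irq)
{
    if (irq == fail_irq || irq < 0 || irq >= MAX_Q)
        return -1;
    actions[irq] = (struct action){ dev_id, 1 };
    return 0;
}

/* Models an IRQ free: the action is removed only when dev_id matches. */
static int model_free_irq(int irq, void *dev_id)
{
    if (irq < 0 || irq >= MAX_Q || !actions[irq].used || actions[irq].dev_id != dev_id)
        return -1;              /* mismatch: the action stays registered */
    actions[irq].used = 0;
    return 0;
}

/* Returns how many actions are still registered after setup and rollback. */
static int setup_queues(int n, int fail_irq, int rollback_uses_vector)
{
    static struct ioq_vector vecs[MAX_Q];
    static int other_cookie;    /* hypothetical "different device ID" */
    int i, left = 0;
    for (i = 0; i < MAX_Q; i++)
        actions[i].used = 0;
    for (i = 0; i < n; i++) {
        if (model_request_irq(i, &vecs[i], fail_irq) == 0)
            continue;
        while (--i >= 0)        /* roll back the IRQs already requested */
            model_free_irq(i, rollback_uses_vector ? (void *)&vecs[i] : (void *)&other_cookie);
        break;
    }
    for (i = 0; i < MAX_Q; i++)
        left += actions[i].used;
    return left;                /* non-zero after a failure: stale handlers */
}

int main(void)
{
    printf("mismatched: %d left, matching: %d left\n", setup_queues(4, 2, 0), setup_queues(4, 2, 1));
    return 0;
}
```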