Linux Kernel Virtuser GPIO Driver Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's gpio-virtuser configfs release path. This issue arises because the device structure is protected by a mutex guard, but the device is freed before the guard can be properly cleaned up. As a result, the mutex_unlock() function attempts to operate on memory that has already been freed, leading to a slab use-after-free condition. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a use-after-free condition, where freed memory is accessed, potentially leading to memory corruption or arbitrary code execution.

Reproduction

The vulnerability can be reproduced by activating the gpio-virtuser device, which is a virtual testing driver for the GPIO API. Once the device is live, it can be deactivated, but the release process will incorrectly handle the mutex, freeing the device before the mutex guard is released. This mismanagement of the mutex leads to the use-after-free vulnerability.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.