Linux Kernel cfg80211 Wi-Fi Subsystem Use-After-Free Vulnerability in Interface Shutdown

A use-after-free vulnerability has been identified in the Linux kernel's Wi-Fi subsystem, specifically within the cfg80211 module. This issue arises when the rfkill_block work is not properly canceled during the unregistration of a wiphy (wireless physical device), leading to a use-after-free condition. The vulnerability was discovered by the Linux Verification Center using Syzkaller, a fuzzing tool that tests for such memory management errors.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may be exploited to execute arbitrary code or cause a denial-of-service by crashing the system.

Reproduction

The vulnerability can be reproduced by unregistering a wiphy without canceling the associated rfkill_block work. This can be done by simulating the unregistration process in a controlled environment, such as a virtual machine running QEMU.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version can be found in the Linux kernel documentation.