Linux Kernel ACPI Processor Use-After-Free Vulnerability in Error Handling

A use-after-free vulnerability has been identified in the Linux kernel's ACPI processor error handling, specifically in the function acpi_processor_errata_piix4(). This issue arises from device pointers being dereferenced after the corresponding device object references have been dropped, potentially leading to memory corruption. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can be exploited to cause a use-after-free condition, which may lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by triggering the ACPI processor error handling for devices that have the relevant errata flags unset. This can be done by manipulating the ACPI processor driver to reference devices in a way that causes the flags to be ignored, leading to the erroneous handling that creates the use-after-free condition.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.