Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) component. This issue arises when framebuffers and property blobs are improperly managed during the unplugging of a DRM device, particularly after the associated compositor has exited. The vulnerability was discovered while testing the Intel Graphics Test Suite's 'xe_module_load --r reload' command, which triggered warnings about leaked framebuffers and property blobs. These warnings indicated that freed pointers were being dereferenced, leading to potential memory access violations.
Exploitation of this vulnerability causes a general protection fault, with the kernel oopsing due to a non-canonical address access. This type of fault can lead to arbitrary code execution or a denial-of-service condition, where the system becomes unresponsive or crashes.
The vulnerability can be reproduced by running the 'xe_module_load --r reload' command to reload the Intel graphics module while a full desktop environment and a game are running. This scenario triggers the improper management of DRM file references, leading to the use-after-free condition when the compositor exits.
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.