Linux Kernel VFIO/PCI Double Free Vulnerability in DMA-Buf Feature

Vulnerability

A double free vulnerability has been identified in the Linux kernel's VFIO PCI subsystem, specifically within the DMA-buf feature. This issue arises because the error handling path in the function 'vfio_pci_core_feature_dma_buf' improperly manages reference counts. It fails to follow the correct procedure for releasing DMA-buf references, which can lead to file descriptor exhaustion. As a result, the reference count on the VFIO device becomes unbalanced, causing a double free of allocated objects.
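The error-path pattern described above, as an added userspace model in C (not kernel code and not taken from the fix). All names are hypothetical. It assumes that a successful export hands the private object and the device reference to the buffer's release callback, and that the failing step is file descriptor allocation after that export.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model: frees are counted instead of calling free() twice. */
struct device { int refs; };
struct priv   { struct device *dev; int frees; };
struct buf    { struct priv *priv; int refs; };
struct result { int frees; int dev_refs; };

/* Release callback: owns priv and the device reference after export. */
static void priv_release(struct priv *p) { p->frees++; p->dev->refs--; }

static void buf_put(struct buf *b) {
    if (--b->refs == 0) { priv_release(b->priv); free(b); }
}

static struct buf *buf_export(struct priv *p) {
    struct buf *b = malloc(sizeof(*b));
    if (b) { b->priv = p; b->refs = 1; }
    return b;
}

/* Export succeeds, then the step after it fails (assumed: no fd available). */
static int export_then_fail(struct device *dev, struct priv *p, int hardened) {
    struct buf *b;
    p->dev = dev;
    dev->refs++;                 /* reference taken for the exported buffer */
    b = buf_export(p);
    if (!b) goto err_dev_put;    /* export failed: caller still owns everything */
    buf_put(b);                  /* release callback cleans up priv and dev ref */
    if (hardened) return -1;     /* correct: nothing left to unwind */
    /* flawed: fall through and release the same objects a second time */
err_dev_put:
    dev->refs--;
    p->frees++;
    return -1;
}

static struct result run_case(int hardened) {
    struct device dev = { .refs = 1 };   /* one reference held by the owner */
    struct priv p = { 0 };
    export_then_fail(&dev, &p, hardened);
    return (struct result){ p.frees, dev.refs };
}

int main(void) {
    struct result bad = run_case(0), good = run_case(1);
    printf("flawed:   frees=%d dev_refs=%d\n", bad.frees, bad.dev_refs);
    printf("hardened: frees=%d dev_refs=%d\n", good.frees, good.dev_refs);
    return 0;
}
```

In the flawed path the private object is released twice and the device reference count drops below what the owner holds; the hardened path stops after the single put.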

Impact

This vulnerability produces a double free condition, a memory management flaw that can be exploited to cause use-after-free conditions or memory corruption.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is available in the Linux kernel stable tree.

Added: Apr 22, 2026, 3:27 PM
Updated: Apr 22, 2026, 3:27 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.1
exploitability: 3.5
remediation: 7.7
relevance: 6.2
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.