Linux Kernel Use-After-Free Vulnerability in ICSSG PRUETH Ethernet Driver

A use-after-free vulnerability has been identified in the Linux kernel's ICSSG PRUETH Ethernet driver. This issue arises in the RX path, specifically within the 'emac_rx_packet' and 'emac_rx_packet_zc' functions. The vulnerability occurs because the CPPI descriptor is freed before the 'psdata' pointer, which references data in the descriptor, is used by the 'emac_rx_timestamp' function. As a result, 'psdata[0]' and 'psdata[1]' are accessed after the descriptor has been freed, leading to a use-after-free condition for every received packet that goes through the timestamp processing.

Impact

Exploitation of this vulnerability causes a use-after-free condition, which can lead to memory corruption and potentially allow for arbitrary code execution.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux kernel's official website.