Linux Kernel Futex Requeue Flag Mismatch Vulnerability

Vulnerability

A use-after-free vulnerability has been addressed in the Linux kernel's futex subsystem. The issue arose because the 'sys_futex_requeue()' function could be called with differing flags, leading to potential memory management problems. This vulnerability was reported by Nicholas Carlini, who noted that an AI model identified the flag mismatch as a source of the use-after-free condition. The vulnerability exists in the Linux kernel stable tree.

Impact

The vulnerability could lead to a use-after-free condition, which may be exploitable to execute arbitrary code or cause a denial-of-service.

Reproduction

The vulnerability can be reproduced by invoking the 'sys_futex_requeue()' system call with different flags. This mismatch can create a use-after-free condition, potentially leading to memory corruption.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.

Added: Apr 24, 2026, 8:04 PM
Updated: Apr 24, 2026, 8:04 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 6.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.