Linux Kernel Use-After-Free Vulnerability in Writeback Inode Switching

A use-after-free vulnerability has been identified in the Linux kernel's writeback subsystem, specifically within the inode_switch_wbs_work_fn() function. This issue arises because the function processes a list of items in a loop, which can lead to a scenario where a work item is still pending while the associated writeback structure has been freed. The vulnerability occurs in the stable versions of the Linux kernel.

Impact

Exploitation of this vulnerability can lead to use-after-free conditions, potentially allowing for arbitrary code execution or memory corruption.

Reproduction

The vulnerability can be reproduced by queuing work for a writeback structure while simultaneously removing items from the structure's context list. This creates a race condition where the writeback structure can be freed before the queued work has been processed, leading to a use-after-free scenario.

Remediation

Users can upgrade to the latest stable version of the Linux kernel to address this vulnerability.