Linux Kernel Auxiliary Device Use-After-Free Vulnerability in Microsoft Mana Driver

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's Microsoft Mana network driver. The issue arises in the 'add_adev()' function when the 'auxiliary_device_add()' call fails. The function then calls 'auxiliary_device_uninit(adev)', which triggers the release callback and frees the associated 'mana_adev' structure. Because 'adev' is embedded within 'mana_adev', the function's subsequent access to 'adev->id' touches memory that has already been freed. The vulnerability affects several versions of the Linux kernel.

Impact

The use-after-free condition may be exploited to execute arbitrary code or to cause a denial-of-service condition by crashing the system.

Reproduction

To reproduce this vulnerability, trigger a failure in the 'auxiliary_device_add()' call within the 'add_adev()' function of the Microsoft Mana driver. The function then calls 'auxiliary_device_uninit(adev)', which frees the 'mana_adev' structure while 'adev' is still being accessed, leading to a use-after-free condition.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.
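
The error-path ordering described under Vulnerability, as an added userspace model (not the driver's code and not the upstream patch). All type and function names are hypothetical stand-ins, the "free" is modelled by poisoning a static slot with 0x6b so the stale read is observable, and saving the id before uninit is shown as one possible hardening, which is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace model; all names are hypothetical stand-ins for the kernel types. */
struct aux_dev { uint32_t id; void (*release)(struct aux_dev *); };
struct mana_adev_model { int other_state; struct aux_dev adev; }; /* adev is embedded */

static struct mana_adev_model slot;  /* stands in for one heap allocation */
static uint32_t last_id_released;    /* value handed to the id-free step */

/* Release callback: models freeing the container by poisoning it with 0x6b. */
static void model_release(struct aux_dev *adev)
{
    char *base = (char *)adev - offsetof(struct mana_adev_model, adev);
    memset(base, 0x6b, sizeof(struct mana_adev_model));
}

static void model_uninit(struct aux_dev *adev) { adev->release(adev); }
static void model_idx_free(uint32_t id) { last_id_released = id; }
static int model_device_add(struct aux_dev *adev) { (void)adev; return -1; } /* forced failure */
static struct aux_dev *setup(uint32_t id)
{
    slot.adev.id = id;
    slot.adev.release = model_release;
    return &slot.adev;
}

/* Pattern from the advisory: adev->id is read after uninit released the container. */
uint32_t add_adev_buggy(uint32_t id)
{
    struct aux_dev *adev = setup(id);
    if (model_device_add(adev)) {
        model_uninit(adev);
        model_idx_free(adev->id);   /* stale read of released memory */
    }
    return last_id_released;
}

/* Assumed hardening: copy the id to a local before the release can run. */
uint32_t add_adev_fixed(uint32_t id)
{
    struct aux_dev *adev = setup(id);
    uint32_t saved = adev->id;
    if (model_device_add(adev)) {
        model_uninit(adev);
        model_idx_free(saved);      /* no access to adev after uninit */
    }
    return last_id_released;
}
```

In the model the buggy path hands the poison pattern to the id-free step, while the saved-local path hands back the id that was actually allocated.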

Added: May 1, 2026, 3:24 PM
Updated: May 1, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.