Linux Kernel Use-After-Free Vulnerability in Media Iris Component

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's media iris component, specifically during the Macro Blocks Per Frame (MBPF) checking process. This issue arises from a concurrency problem where multiple instances of the iris component can operate simultaneously. Each instance is protected by its own lock, while a separate lock manages the core list of active instances. The vulnerability occurs because the MBPF checker, which reads format source dimensions, can encounter a freed format source pointer from another thread, leading to dereferencing a dangling pointer. This flaw stems from improper synchronization between instance-specific and core-level locks, allowing invalid memory access during MBPF validation.
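
The locking rule this description implies, shown as a userspace C model with pthread mutexes standing in for the kernel locks. This is an added example, not the iris driver's code or the upstream fix; the struct and function names and the 16x16 macroblock formula are assumptions.

```c
/* Userspace model; every name is hypothetical, none is the iris driver's. */
#include <pthread.h>
#include <stdlib.h>

struct fmt { unsigned width, height; };
struct inst {
    pthread_mutex_t lock;  /* per-instance lock: guards fmt_src */
    struct fmt *fmt_src;   /* freed when the instance is torn down */
    struct inst *next;     /* core list link: guarded by core_lock */
};
static pthread_mutex_t core_lock = PTHREAD_MUTEX_INITIALIZER;
static struct inst *core_list;

static struct inst *inst_open(unsigned w, unsigned h)
{
    struct inst *i = calloc(1, sizeof(*i));
    struct fmt *f = malloc(sizeof(*f));
    if (!i || !f) { free(i); free(f); return NULL; }
    *f = (struct fmt){ w, h };
    i->fmt_src = f;
    pthread_mutex_init(&i->lock, NULL);
    pthread_mutex_lock(&core_lock);
    i->next = core_list; core_list = i;  /* publish on the core list */
    pthread_mutex_unlock(&core_lock);
    return i;
}

/* Teardown frees under the instance lock and clears the pointer, so a
 * reader holding the same lock sees a live format or NULL, never stale. */
static void inst_release_fmt(struct inst *i)
{
    pthread_mutex_lock(&i->lock);
    free(i->fmt_src);
    i->fmt_src = NULL;
    pthread_mutex_unlock(&i->lock);
}

/* MBPF check. core_lock alone keeps the list stable but not each fmt_src,
 * which is the race. Lock order everywhere: core_lock, then inst->lock.
 * Macroblocks are counted as 16x16 tiles, rounded up (assumed formula). */
static unsigned long mbpf_total(void)
{
    unsigned long total = 0;
    pthread_mutex_lock(&core_lock);
    for (struct inst *i = core_list; i; i = i->next) {
        pthread_mutex_lock(&i->lock);
        struct fmt *f = i->fmt_src;
        if (f) total += (unsigned long)((f->width + 15) / 16) * ((f->height + 15) / 16);
        pthread_mutex_unlock(&i->lock);
    }
    pthread_mutex_unlock(&core_lock);
    return total;
}
```

Reading `fmt_src` inside the loop without taking `i->lock` reproduces the pattern described above: another thread can run the teardown path between the list walk and the dereference.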

Impact

Exploitation of this vulnerability causes a use-after-free condition, where a freed memory pointer is accessed, potentially leading to arbitrary code execution or memory corruption.

Added: May 28, 2026, 11:19 AM
Updated: May 28, 2026, 11:19 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.1
exploitability: 3.5
remediation: 7.7
relevance: 9.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.