Linux Kernel HID Appletb Keyboard Driver Use-After-Free Vulnerability

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's HID appletb keyboard driver. This issue arises from improper management of a timer associated with the driver's inactivity handling. The vulnerability is present in the stable branch of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a use-after-free condition, where a freed memory area is accessed, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by triggering the driver's inactivity timer while simultaneously unbinding the backlight device. This can be done by forcing a late '.event' callback from the HID core, which re-arms the timer just before the backlight device is freed, causing the timer to fire on a now-invalid memory reference.
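The ordering described above can be followed in a small userspace model, added here as an illustration; it is not the driver's code and not the upstream fix. All names are hypothetical, and the "shutdown" variant models a timer that refuses re-arming once torn down (the semantics of the kernel's timer_shutdown_sync()); the page does not say which mechanism the actual fix uses.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; every name here is hypothetical, not driver code. */
struct model_timer {
    bool armed;     /* queued: the callback will run later */
    bool shutdown;  /* permanently disabled: re-arm requests are refused */
};

struct model_backlight { bool freed; };

/* Re-arm request, as issued by a late '.event' callback. */
static void model_rearm(struct model_timer *t)
{
    if (!t->shutdown)
        t->armed = true;
}

/* Plain cancel: stops a pending timer but still allows re-arming. */
static void model_cancel(struct model_timer *t) { t->armed = false; }

/* Shutdown: stops the timer and blocks any later re-arm. */
static void model_shutdown(struct model_timer *t)
{
    t->armed = false;
    t->shutdown = true;
}

/* Replays the ordering from the text: stop timer, late event, free backlight.
 * Returns true if an armed timer still points at the freed backlight. */
static bool stale_timer_after_teardown(bool use_shutdown)
{
    struct model_timer inactivity = { .armed = true, .shutdown = false };
    struct model_backlight backlight = { .freed = false };

    if (use_shutdown)
        model_shutdown(&inactivity);
    else
        model_cancel(&inactivity);
    model_rearm(&inactivity);   /* late event lands inside the window */
    backlight.freed = true;     /* modelled free; no memory is released */
    return inactivity.armed && backlight.freed;
}

int main(void)
{
    printf("cancel only:    stale timer = %d\n", stale_timer_after_teardown(false));
    printf("shutdown first: stale timer = %d\n", stale_timer_after_teardown(true));
    return 0;
}
```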

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.

Added: May 28, 2026, 11:14 AM
Updated: May 28, 2026, 11:14 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 3.1
exploitability: 3.9
remediation: 7.7
relevance: 9.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.