Linux Kernel Use-After-Free Vulnerability in SPI MPC52XX Driver

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's SPI MPC52XX driver. This issue arises when the controller registration fails, leading to a potential use-after-free condition and a resource leak. The vulnerability is present in the Linux kernel stable tree.

Impact

The use-after-free condition may be exploited to execute arbitrary code or to cause a denial of service by crashing the system.

Reproduction

To reproduce this vulnerability, load the SPI MPC52XX driver into the Linux kernel. If the controller registration fails, the driver does not handle the failure properly, leading to a use-after-free condition. This can be observed by monitoring the driver's behavior during the registration process and confirming that the failure is not handled correctly.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The fixed version can be found in the Linux kernel Git repository under the commit ID 336d9ad7560b3baba17af06727a888040ee93390.

Added: May 28, 2026, 10:27 AM
Updated: May 28, 2026, 10:27 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 9.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.