Linux Kernel Unittest Component Use-After-Free Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's unittest component. The issue arises in the 'of_unittest_changeset' function, where the 'parent' variable is assigned the same value as 'nchangeset', pointing to the same struct device_node. The vulnerability occurs when 'of_node_put(nchangeset)' is called, potentially freeing the node if no other references exist. Subsequently, the code still uses 'parent' to access properties, leading to a use-after-free condition. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to a use-after-free condition, which may be exploited to cause memory corruption or execute arbitrary code.

Reproduction

The vulnerability can be reproduced by applying a changeset in the unittest framework that involves modifying a device node's properties. The 'of_unittest_changeset' function can be used to demonstrate the issue, as it inadvertently creates a use-after-free scenario by releasing a node reference before the last property access.

Remediation

The vulnerability has been fixed by adjusting the order of operations in the 'of_unittest_changeset' function. Users should upgrade to the latest version of the Linux kernel stable tree where this fix has been applied.