A vulnerability in the Linux kernel has been discovered and resolved that could lead to use-after-free and memory leaks, which in turn can cause system instability and potential security risks.

The vulnerability is in the "mac802154" subsystem, specifically in the "mac802154_llsec_key_del" function, which deletes keys and releases their resources. This function does not follow the RCU (Read-Copy-Update) rules and may therefore lead to a use-after-free.

The issue stems from the improper handling of resource release in the RCU callback function "mac802154_llsec_key_del_rcu()". Furthermore, the "ieee802154_llsec_key_entry" structures are not freed correctly by "mac802154_llsec_key_del()", leading to potential memory leaks.

The problem was discovered and reported by the Linux Verification Center (linuxtesting.org) through the following warning message:

refcount_t: addition on 0; use-after-free.
WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0

To fix the issue, the proper resource release handling should be added to the "mac802154_llsec_key_del_rcu()" function. Additionally, it is essential to observe the RCU grace period before freeing the corresponding key resources.
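
The deferred-release pattern described above, as an added userspace C model (not the kernel patch and not the project's code): deletion only unpublishes the entry, and the key reference and the entry are released in the callback once no reader remains. The structs and the names call_rcu_model, grace_period_model, key_del and key_del_rcu are hypothetical, and the grace period is modelled with a simple reader counter.

```c
/* Userspace model of RCU-deferred key deletion. Constructed for illustration:
 * every name is hypothetical; this is not the kernel's mac802154 code. */
#include <stddef.h>
#include <stdlib.h>
struct rcu_head { struct rcu_head *next; void (*func)(struct rcu_head *); };
struct key { int refcnt; };                 /* shared key material */
struct key_entry { struct key *key; struct rcu_head rcu; };
static struct rcu_head *pending; /* callbacks waiting for a grace period */
static int readers;              /* open read-side critical sections */
static int live_objs;            /* allocations not yet freed */

static void call_rcu_model(struct rcu_head *h, void (*f)(struct rcu_head *))
{ h->func = f; h->next = pending; pending = h; }
/* A grace period ends only once no reader is left; returns callbacks run. */
static int grace_period_model(void)
{
    int n = 0;
    while (!readers && pending) {
        struct rcu_head *h = pending; pending = h->next; h->func(h); n++;
    }
    return n;
}
/* RCU callback: the only place the key reference and the entry are released. */
static void key_del_rcu(struct rcu_head *h)
{
    struct key_entry *e = (struct key_entry *)((char *)h - offsetof(struct key_entry, rcu));
    if (--e->key->refcnt == 0) { free(e->key); live_objs--; }
    free(e); live_objs--;
}
/* Deletion only unpublishes the entry and queues the callback. */
static void key_del(struct key_entry **slot)
{ struct key_entry *e = *slot; *slot = NULL; call_rcu_model(&e->rcu, key_del_rcu); }

/* A reader holds the entry while it is deleted; returns 1 if nothing dangles or leaks. */
int delete_under_reader(void)
{
    struct key_entry *slot = calloc(1, sizeof(*slot)), *seen;
    struct key *k = calloc(1, sizeof(*k));
    if (!slot || !k) { free(slot); free(k); return 0; }
    slot->key = k; k->refcnt = 1; live_objs = 2;
    readers++; seen = slot;                /* read lock + lookup */
    key_del(&slot);
    int early = grace_period_model();      /* reader still inside: nothing runs */
    int valid = (seen->key->refcnt == 1);  /* entry and key are still intact */
    readers--;                             /* read unlock */
    int ran = grace_period_model();        /* callback frees entry and key */
    return early == 0 && valid && ran == 1 && live_objs == 0 && pending == NULL;
}
int main(void) { return delete_under_reader() ? 0 : 1; }
```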

The vulnerability has been patched in the latest Linux kernel update. Users are urged to apply any applicable updates to ensure their systems are protected against this and other potential security vulnerabilities.

Timeline

Published on: 05/01/2024 06:15:12 UTC
Last modified on: 06/25/2024 22:15:27 UTC