Executive Summary

This vulnerability is a use-after-free issue in the Linux kernel's nvdimm bus asynchronous initialization process. Specifically, when the function device_add() fails during the asynchronous device registration (nd_async_device_register()), the reference count of the device drops to zero before the parent device pointer is accessed. This causes the system to access memory that has already been freed, leading to a use-after-free condition.

The root cause was that although a reference on the parent device was supposed to be held until asynchronous initialization completed, if device_add() failed due to allocation failure, the reference count was decremented prematurely. The fix involved saving a reference to the parent pointer so that the parent reference could be properly dropped regardless of the outcome of device_add().

Useful 0 Not Useful 0

Impact Analysis

A use-after-free vulnerability can lead to undefined behavior including system crashes, data corruption, or potential escalation of privileges if exploited. In this case, the Linux kernel could access freed memory during device initialization, which might cause instability or security issues on systems using the affected nvdimm bus asynchronous initialization code.

Useful 0 Not Useful 0

Mitigation Strategies

The vulnerability in the Linux kernel related to a use after free in asynchronous initialization of nvdimm devices can be mitigated by applying the patch that fixes the reference counting issue in nd_async_device_register().

Specifically, ensure your Linux kernel is updated to a version that includes the commit b6eae0f61db2 or later, which holds a reference on the parent device until asynchronous initialization completes, preventing the use after free condition.

Useful 0 Not Useful 0