André Draszik

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue has been identified in the Linux kernel, specifically in the UFS core. The vulnerability occurs when the `devm blk crypto profile init()` function registers a cleanup handler to run when the associated platform device is being released. However, the `struct ufs hba::crypto profile` is released before the platform device, causing a use-after-free situation. This issue arises during driver release or error handling in `ufshcd pltfrm init()`. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** To resolve this issue, it is recommended to update the Linux kernel to a version that includes the fix for this use-after-free issue. Specifically, the `ufshcd alloc host()` function should be modified to register a devres action to automatically cleanup the underlying SCSI device on ufshcd destruction, without requiring explicit calls to `ufshcd dealloc host()`. As a temporary workaround, consider disabling the `devm blk crypto profile init()` function until a patch is available. However, since the exact affected versions are not specified, it is crucial to apply the fix to all potentially vulnerable versions of the Linux kernel. At the moment, there is no information about a newer version that contains a fix for this vulnerability.