Linux · Linux Kernel · CVE-2021-47505
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 4.18
Description:
The vulnerability is a use-after-free in the Linux kernel's aio component. When `aio_poll_wake()` is called, the `POLLFREE` notification is not handled properly, so a use-after-free can occur if a `signalfd` or binder fd is polled with aio poll and the waitqueue gets freed. The root cause is that aio poll, unlike `eventpoll`, does not handle `POLLFREE` notifications. The fix is a patch that makes aio poll handle `POLLFREE` in a deadlock-free way, taking advantage of the fact that freeing of the waitqueue is RCU-delayed.
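A simplified userspace model of the lifetime problem described above, added here as an illustration; it is not kernel code and not the upstream patch. The struct names, the `EV_*` constants and the `freed` flag that stands in for freeing are assumptions of the model, and locking and RCU are left out.

```c
#include <stdio.h>

#define EV_IN   0x0001u
#define EV_FREE 0x4000u   /* stands in for POLLFREE in this model */

struct waitqueue { struct waiter *first; int freed; };
struct waiter {
    struct waitqueue *head;   /* queue we are parked on; NULL once detached */
    struct waiter *next;
    int handles_free;         /* 1 = fixed behaviour, 0 = behaviour before the fix */
    int done;
};

/* Wake callback: the fixed variant drops its reference to a dying queue. */
static void waiter_wake(struct waiter *w, unsigned mask)
{
    if (mask & EV_FREE) {
        if (w->handles_free) { w->head = NULL; w->done = 1; }
        return;               /* unfixed variant ignores the notification */
    }
    if (mask & EV_IN)
        w->done = 1;
}

/* Owner teardown: notify waiters, then set a flag in place of free(). */
static void wq_destroy(struct waitqueue *q)
{
    for (struct waiter *w = q->first, *n; w; w = n) {
        n = w->next;
        waiter_wake(w, EV_FREE);
    }
    q->freed = 1;
}

/* Returns 1 if the later cancel path would touch the freed queue. */
static int stale_after_teardown(int handles_free)
{
    struct waitqueue q = { 0 };
    struct waiter w = { .head = &q, .handles_free = handles_free };
    q.first = &w;
    wq_destroy(&q);
    return w.head != NULL && w.head->freed;
}

int main(void)
{
    printf("before fix: %d, fixed: %d\n", stale_after_teardown(0), stale_after_teardown(1));
    return 0;
}
```

The waiter that ignores the teardown notification keeps a pointer to a queue whose owner has already released it; the waiter that handles it has cleared that pointer before the release.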
Recommendations:
To resolve the issue, update the Linux kernel to a version that includes the fix for the use-after-free error in the aio component. Specifically, update to a version later than 4.18.
Note: The source descriptions do not mention specific fixed versions or patch days, so the recommendation is based on the information that the vulnerability was introduced in kernel v4.18.