PT-2025-35960 · Linux · Linux Kernel

Syzbot · Published 2025-09-04 · Updated 2025-09-04 · CVE-2025-38687

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

The Linux kernel contains a use-after-free flaw in the comedi subsystem. A subdevice's allocated asynchronous areas could be removed while poll requests on that subdevice were still active, so that triggering or removing the outstanding poll entries afterwards accessed freed memory. The fix ensures that no tasks are queued on the subdevice wait queues before device detachment is allowed via the `COMEDI_DEVCONFIG` ioctl. As part of this, `comedi_device_detach()` was refactored into `comedi_device_detach_locked()` so that the detachment runs under the proper lock.

Recommendations:

At the moment, there is no information about a released version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-38687

Affected Products

Debian
Linux Kernel