PT-2025-35995 · Linux +2 · Linux Kernel +2

Published: 2025-09-04 · Updated: 2025-09-04 · CVE-2025-38722

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions:

Linux kernel (affected versions not specified)

Description:

The Linux kernel contains a use-after-free (UAF) vulnerability in the `export_dmabuf()` function related to descriptor table management. Specifically, a file reference could be inserted into the descriptor table and then closed by another thread before it is fully initialized, leading to a UAF condition when accessing objects destroyed on close. The `dma_buf_fd()` function, used in the habanalabs `export_dmabuf()`, is susceptible to this issue as it combines descriptor reservation and `fd_install()`. The fix involves reserving the descriptor before any other operations and performing `fd_install()` only after complete setup.
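The ordering problem described above can be seen in a small deterministic userspace model, added here as an illustration; it is not kernel or habanalabs driver code. All names in it (`reserve_fd`, `install_fd`, `racing_close`, `finish_setup`, the toy table) are hypothetical stand-ins, and the second thread's close is simulated as a call placed inside the window.

```c
#include <stdio.h>
enum slot_state { SLOT_FREE, SLOT_RESERVED, SLOT_INSTALLED };
struct obj  { int alive; int initialized; };   /* stands in for the exported buffer */
struct slot { enum slot_state state; struct obj *o; };
static struct slot table[4];   /* toy descriptor table: constructed model, not kernel code */
/* Models descriptor reservation: the number is taken, nothing is visible yet. */
static int reserve_fd(void) {
    for (int i = 0; i < 4; i++)
        if (table[i].state == SLOT_FREE) { table[i].state = SLOT_RESERVED; return i; }
    return -1;
}
/* Models fd_install(): from here any thread can reach the object through fd. */
static void install_fd(int fd, struct obj *o) { table[fd] = (struct slot){ SLOT_INSTALLED, o }; }
/* Models close() from a second thread; only an installed fd can be closed. */
static int racing_close(int fd) {
    if (table[fd].state != SLOT_INSTALLED) return -1;
    table[fd].o->alive = 0;                     /* object destroyed on close */
    table[fd] = (struct slot){ SLOT_FREE, NULL };
    return 0;
}
/* Rest of the setup; returns 1 if it would have touched a destroyed object. */
static int finish_setup(struct obj *o) {
    if (!o->alive) return 1;
    o->initialized = 1;
    return 0;
}
/* Pre-fix ordering: publish first, keep working on the object afterwards. */
int export_install_first(struct obj *o) {
    int fd = reserve_fd();
    if (fd < 0) return -1;
    install_fd(fd, o);
    racing_close(fd);                           /* window open: the close succeeds */
    return finish_setup(o);
}
/* Fixed ordering: reserve, finish all setup, publish as the last step. */
int export_reserve_first(struct obj *o) {
    int fd = reserve_fd();
    if (fd < 0) return -1;
    int closed = racing_close(fd);              /* fd not installed: close fails */
    int stale = finish_setup(o);
    install_fd(fd, o);
    return closed == 0 || stale;
}
int main(void) {
    struct obj a = {1, 0}, b = {1, 0};
    printf("install-first stale access: %d\n", export_install_first(&a));
    printf("reserve-first stale access: %d\n", export_reserve_first(&b));
    return 0;
}
```

The model flags the stale access instead of dereferencing freed memory, so it runs cleanly while showing that only the install-first ordering lets the concurrent close land before setup completes.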

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2025-38722

Affected Products

Debian
Linux Kernel
Habanalabs