CVE-2023-54019

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A use-after-free (UAF) issue exists in the Linux kernel related to PSI (Pressure Stall Information) trigger polling within cgroups. The issue occurs when destroying a psi trigger during cgroup removal while a polling process is still accessing its waitqueue, leading to a potential UAF condition. Specifically, the vulnerability arises from differing lifecycles between the psi trigger's waitqueue and the associated file. The problem affects both epoll() and synchronous poll() cases. The root cause is the destruction of the trigger's waitqueue head while a polling process is still accessing it, resulting in access to freed memory. The issue is triggered through a call chain involving cgroup file release, cgroup pressure release, psi trigger destroy, and wake up pollfree. The fix involves using kernfs polling functions to tie the waitqueue lifecycle to the file's lifecycle.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.