CVE-2022-49087

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description A race condition exists in the Linux kernel, specifically in the rxrpc exit net() function. This issue can lead to a use-after-free error when the peer keepalive timer is still armed while rxrpc exit net() exits. The problem arises from the interaction between rxrpc exit net() and rxrpc peer keepalive worker(), where the timer is reduced after it has been deleted, resulting in an active object being freed. This has been identified through a syzbot report, which highlighted the issue with a warning about a CPU and a PID, indicating a potential use-after-free error.

Recommendations For Linux kernel versions prior to the fixed version, consider applying the patch that fixes the race condition in rxrpc exit net() to prevent the use-after-free error. As a temporary workaround, consider disabling the rxrpc peer keepalive worker() function until a patch is available. Restrict access to the vulnerable rxrpc exit net() function to minimize the risk of exploitation. Avoid using the peer keepalive timer in the affected code path until the issue is resolved.