VYPR
Unrated severity · NVD Advisory · Published Dec 24, 2025 · Updated Apr 15, 2026

CVE-2023-54101

Description

In the Linux kernel, the following vulnerability has been resolved:

driver: soc: xilinx: use _safe loop iterator to avoid a use after free

The hash_for_each_possible() loop dereferences "eve_data" to get the next item on the list. However the loop frees eve_data so it leads to a use after free. Use hash_for_each_possible_safe() instead.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free in the Linux kernel's Xilinx driver occurs when hash_for_each_possible() dereferences freed memory; fixed with _safe iterator.

Vulnerability

In the Linux kernel's Xilinx SoC driver, a use-after-free vulnerability exists in code using the hash_for_each_possible() macro. The loop dereferences eve_data to obtain the next list item, but eve_data can be freed inside the loop body. The iterator's advance step then reads the next pointer out of memory that has already been freed, which is the use-after-free.

Exploitation

An attacker with local access and the ability to trigger the vulnerable code path could exploit this bug. The attack surface is limited to systems using the Xilinx driver, but no special privileges beyond local user access are required to trigger the loop.

Impact

Successful exploitation could allow an attacker to cause a kernel crash (denial of service) or potentially escalate privileges, as use-after-free bugs in kernel drivers are often exploitable for arbitrary code execution.

Mitigation

The fix is to use the safe iterator hash_for_each_possible_safe(), which ensures proper handling when elements are freed during traversal. This commit is included in upstream Linux kernels; users should apply the patch or update to a kernel version containing the fix [1].
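The iterator difference described above, as an added example that is not the driver's code or the upstream patch: a constructed userspace model of one hash bucket in which "freed" nodes are only flagged, so reads through a freed node can be counted. All names (`node`, `pool`, `del_and_free`, `walk_unsafe`, `walk_safe`) are illustrative assumptions.

```c
#include <stddef.h>
/* Constructed model of one hash bucket. "Freed" nodes stay in a static pool and
 * are only flagged, so a read through a freed node is counted, not run as UB. */
struct node { int key, freed; struct node *next, **pprev; };
static struct node pool[4], *bucket;

static void build_bucket(void)
{
    bucket = NULL;
    for (int i = 3; i >= 0; i--) {            /* keys 0,1,0,1 chained in one bucket */
        pool[i] = (struct node){ .key = i % 2, .next = bucket, .pprev = &bucket };
        if (bucket) bucket->pprev = &pool[i].next;
        bucket = &pool[i];
    }
}

static void del_and_free(struct node *n)      /* stand-in for unlink + kfree() */
{
    *n->pprev = n->next;
    if (n->next) n->next->pprev = n->pprev;
    n->freed = 1;
}

static struct node *next_of(struct node *n, int *stale)
{
    *stale += n->freed;                       /* was n already freed when read? */
    return n->next;
}

int walk_unsafe(int key)                      /* hash_for_each_possible() shape */
{
    int stale = 0;
    build_bucket();
    for (struct node *pos = bucket; pos; pos = next_of(pos, &stale))
        if (pos->key == key) del_and_free(pos);   /* advance step reads pos after this */
    return stale;
}

int walk_safe(int key)                        /* _safe shape: next cached before body */
{
    int stale = 0;
    build_bucket();
    for (struct node *pos = bucket, *tmp = NULL; pos; pos = tmp) {
        tmp = next_of(pos, &stale);
        if (pos->key == key) del_and_free(pos);
    }
    return stale;
}

int main(void) { return (walk_unsafe(0) == 2 && walk_safe(0) == 0) ? 0 : 1; }
```

In the model, every node the unsafe walk frees produces one read through freed memory on the advance step, while the safe walk produces none.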

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

4

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4
