CVE-2026-46280
Linux · Kernel
A Use-After-Free vulnerability exists in the Linux kernel's `test_hmm` module, where failure to properly evict device pages on file close leads to insecure memory states.
Executive summary
A Use-After-Free vulnerability in the Linux kernel’s test_hmm module could allow an attacker to trigger memory corruption and potentially achieve code execution.
Vulnerability
This flaw exists in the test_hmm (Heterogeneous Memory Management) test module. The kernel fails to properly evict device pages when a file is closed, resulting in a Use-After-Free condition that can be triggered by a local user.
Business impact
With a CVSS score of 7.8, this vulnerability poses a high risk to system stability and security. Exploitation could allow an attacker to gain elevated privileges or cause a Denial of Service by corrupting kernel memory structures associated with device management.
Remediation
Immediate Action: Apply the vendor-provided security update to the Linux kernel to ensure proper memory management in the test_hmm module.
Proactive Monitoring: Monitor for unexpected kernel module behavior or errors related to memory management during file system operations.
Compensating Controls: If the test_hmm module is not needed for production, ensure it is blacklisted or not loaded by the kernel.
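The compensating control above can be checked and applied from a shell. The script below is an added example, not part of this advisory or of the kernel project: it parses `lsmod`-style output to see whether `test_hmm` is loaded, emits a `modprobe.d` fragment that blacklists the module and maps its `install` to `/bin/true` so it cannot be auto-loaded, and offers a guarded live check for the current host. The sample `lsmod` text is constructed for the example. Note that `test_hmm` is a kernel self-test module (built from `lib/test_hmm.c` under `CONFIG_TEST_HMM`), so on most production kernels `modinfo` will report it absent and no blacklist is needed.

```shell
#!/bin/sh
# Constructed sample of `lsmod` output for the example (not captured from a real host).
SAMPLE_LSMOD='Module                  Size  Used by
test_hmm               32768  0
xfs                  1234567  2'

# Constructed sample with the module absent.
SAMPLE_LSMOD_CLEAN='Module                  Size  Used by
xfs                  1234567  2'

# module_loaded_in NAME LSMOD_TEXT
# Returns 0 if NAME appears as a loaded module in lsmod-style text, 1 otherwise.
# The first column is the module name; NR > 1 skips the header line.
module_loaded_in() {
  printf '%s\n' "$2" | awk -v m="$1" 'NR > 1 && $1 == m { found = 1 } END { exit found ? 0 : 1 }'
}

# blacklist_fragment NAME
# Prints a modprobe.d fragment: `blacklist` stops alias-based autoloading, and the
# `install ... /bin/true` line makes an explicit modprobe a no-op as well.
blacklist_fragment() {
  printf 'blacklist %s\ninstall %s /bin/true\n' "$1" "$1"
}

# module_available NAME
# Returns 0 if the running kernel ships the module at all (modinfo finds it).
module_available() {
  modinfo "$1" >/dev/null 2>&1
}

# check_host: live inspection of this machine; only runs where lsmod/modinfo exist.
check_host() {
  mod=test_hmm
  command -v lsmod >/dev/null 2>&1 || { echo "lsmod not available; skipping live check"; return 0; }
  if module_loaded_in "$mod" "$(lsmod)"; then
    echo "$mod is currently loaded (unload with: rmmod $mod)"
  elif module_available "$mod"; then
    echo "$mod is not loaded but is available to the kernel; consider blacklisting"
  else
    echo "$mod is not built for this kernel; no action needed"
  fi
}

# apply_blacklist: writes the fragment to /etc/modprobe.d (needs root); assumed path.
apply_blacklist() {
  blacklist_fragment test_hmm > /etc/modprobe.d/blacklist-test_hmm.conf
}

# Usage: `sh this_script.sh` prints the host status; call apply_blacklist as root to persist it.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "dash" ] && [ "${0##*/}" != "bash" ]; then
  check_host
fi
```

The live check distinguishes three states (loaded, available but not loaded, not built) because the right response differs: a loaded module should be unloaded and blacklisted, an available one only blacklisted, and an absent one needs nothing beyond the kernel update.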
Exploitation status
Public Exploit Available: false
Analyst recommendation
While this is a test module, vulnerabilities within the kernel space must be treated with high priority. Users are encouraged to apply the patch immediately to close this potential attack vector.