
Linux 6.17 Released With Fix for use-after-free Vulnerabilities

Linus Torvalds has announced the release of Linux Kernel 6.17, a new version focused on stability and incremental improvements rather than groundbreaking features. The update brings a host of bug fixes, security enhancements, and driver updates across various subsystems.

In his release message, Torvalds described the final week of development as having “no huge surprises,” which he considers a positive indicator of a smooth release cycle.

The most significant change in the last week is a notable fix for the Bluetooth subsystem. This patch addresses locking issues that could lead to race conditions and use-after-free (UAF) vulnerabilities, which are critical memory safety flaws.

Linux 6.17 Security and Stability Fixes

While the overall release was quiet, version 6.17 includes several important fixes that bolster the kernel’s security and reliability.

  • Bluetooth Vulnerabilities: Multiple patches were merged to resolve UAF bugs in the Bluetooth stack, including in the HCI (Host Controller Interface) and MGMT (Management) layers. These fixes prevent potential system crashes or security exploits related to device connections and advertising.
  • Virtualization and I/O: The vhost-net driver, essential for high-performance virtualized networking, received fixes to correct busy-polling behavior. Additionally, the iommufd subsystem, which provides userspace access to I/O Memory Management Units, was patched to fix race conditions during memory mapping.
  • Core Kernel: Fixes were applied to the futex (Fast Userspace Mutex) implementation to prevent a use-after-free condition during requeue operations, improving the robustness of a core synchronization mechanism.
  • Networking: The xfrm subsystem, which handles IPsec configurations, was updated to prevent the allocation of a zero-value Security Parameter Index (SPI) and to fix offloading for certain tunnels.

As with any kernel release, version 6.17 incorporates a broad range of updates for hardware drivers and core subsystems. The shortlog reveals contributions affecting numerous components.

  • Graphics Drivers: Updates were made to the Direct Rendering Manager (DRM) drivers for AMD, Intel (Xe), and Panthor GPUs.
  • Networking: Various networking drivers saw improvements, including those for Mellanox, Intel (i40e), and Broadcom hardware. Multiple CAN (Controller Area Network) bus drivers were also updated to prevent potential buffer overflows.
  • Filesystems and Storage: The Btrfs filesystem received a fix for zoned devices, and the core block layer was improved to handle devices with zero sectors correctly.
  • Platform Support: Patches were added to improve support for various ARM-based SoCs from Rockchip, Marvell, and Allwinner, as well as for x86 platforms from Dell and LG.

With this release finalized, the merge window for Linux 6.18 is now open. Torvalds noted that he has already received dozens of pull requests, indicating that the development community is hard at work on the next version of the kernel.


The post Linux 6.17 Released With Fix for use-after-free Vulnerabilities appeared first on Cyber Security News.
