chill <maximkabox13@xxxxxxxxx> writes: > this looks like a real uaf vulnerability and can be executed by the user The potential to use memory after it has been freed appears completely real. As such it is a bug and it should definitely be fixed. That is as far as I can see. What I don't see, and I am very bad at this so I could be missing something, is what bad thing kthread_is_per_cpu could be tricked into doing. I see a window of a single instruction which reads a single bit that normally will return false. If that bit instead reads true it looks like the scheduler will simply decide to not run the process on another cpu. So I will put this change in linux-next. It will be tested and I will send it to Linus when the merge window for v5.19 opens. After Linus merges this I expect after a week or so it will be backported to the various stable kernels. Not that it needs to go farther than about v5.17 where I introduced the bug. Eric
