CVE-2023-25012: 
Linux Kernel vulnerability analysis and mitigation

The Linux kernel through 6.1.9 contains a Use-After-Free vulnerability (CVE-2023-25012) in the bigben_remove function in drivers/hid/hid-bigbenff.c. The vulnerability can be triggered via a crafted USB device because the LED controllers remain registered for too long. This vulnerability was discovered and reported by Pietro Borrello in January 2023 (OSS Security).

The vulnerability occurs due to a race condition where the LED controller bigbensetled() may schedule a worker after the device structure has been freed during device removal. The workstruct is embedded in struct bigbendevice, and when the device is removed, struct bigben_device is freed while the LED controllers are still registered. This leads to a use-after-free condition when accessing the freed memory (Kernel Commit).

An attacker able to insert and remove USB devices can exploit this vulnerability to cause a denial of service (system crash or memory corruption) or potentially execute arbitrary code in the kernel context (Debian Security).

The issue has been fixed through a series of patches that implement proper synchronization using spinlocks and deregister LED controllers before device removal. The fixes include using spinlock to protect concurrent accesses and safely schedule workers. The patches have been merged into the mainline kernel (Kernel Commit, Kernel Commit).