CVE-2023-3141: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free flaw was discovered in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. The vulnerability was discovered in March 2023 and affects Linux kernel versions prior to 6.4-rc1. The issue occurs in the Ricoh R5C592 MemoryStick card reader driver during module unload operations (Kernel Git, NVD).

The vulnerability stems from a race condition in the r592remove function. When the module is removed, there may be an unfinished work due to a timer function (r592detecttimer) being invoked by modtimer in the r592_irq function. The race condition occurs between the timer function execution and module cleanup, potentially leading to use-after-free of the host structure. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H (NVD).

This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. The vulnerability requires local access and can result in high confidentiality and availability impacts (NVD, NetApp Advisory).

The issue has been fixed by adding deltimersync(&dev->detecttimer) before cleanup in r592remove function. This ensures that any pending timer operations are completed before proceeding with the module cleanup. The fix was implemented in Linux kernel version 6.4-rc1 (Kernel Git, Debian LTS).

Various Linux distributions and vendors have responded to this vulnerability by releasing security updates. Debian included fixes in multiple versions including 4.19.289-1 and 5.10.197-1~deb10u1. NetApp has assessed the vulnerability's impact on their products and provided detailed advisories for affected systems (Debian LTS, NetApp Advisory).