CVE-2024-1312: 
Linux Kernel vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2024-1312) was discovered in the Linux kernel's Memory Management subsystem, specifically in the mas_prev_slot function. The vulnerability was disclosed on February 8, 2024, affecting Linux kernel versions up to (excluding) 6.5. This security flaw occurs when a user wins two races simultaneously during VMA lock operations in lock_vma_under_rcu (NVD, RedHat Bugzilla).

The vulnerability is classified as a use-after-free (CWE-416) issue that occurs in the Linux kernel's Memory Management subsystem. The CVSS v3.1 base score is 4.7 (Medium), with a vector string of CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue arises during lock_vma_under_rcu() operations where a race condition can lead to a use-after-free scenario. The vulnerability requires local access and high complexity to exploit (NVD).

If successfully exploited, this vulnerability could allow a local user to crash the system. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).

The vulnerability has been fixed in Linux kernel version 6.5-rc4. Users are advised to upgrade their Linux kernel to version 6.5 or later to address this security issue. The fix involves modifying the lock_vma_under_rcu() function to properly check vma->anon_vma under vma lock (Kernel Commit).