In the Linux kernel, the following vulnerability has been resolved:
i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
In the cdns_i3c_master_probe function, &master->hj_work is bound with
cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call
cnds_i3c_master_demux_ibis function to start the work.
If we remove the module which will call cdns_i3c_master_remove to
make cleanup, it will free master->base through i3c_master_unregister
while the work mentioned above will be used. The sequence of operations
that may lead to a UAF bug is as follows:
CPU0 CPU1
| cdns_i3c_master_hj
cdns_i3c_master_remove |
i3c_master_unregister(&master->base) |
device_unregister(&master->dev) |
device_release |
//free master->base |
| i3c_master_do_daa(&master->base)
| //use master->base
Fix it by ensuring that the work is canceled before proceeding with
the cleanup in cdns_i3c_master_remove.
References
Configurations
Configuration 1 (hide)
|
History
23 Oct 2024, 21:48
Type | Values Removed | Values Added |
---|---|---|
First Time |
Linux linux Kernel
Linux |
|
CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
References | () https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12 - Patch | |
References | () https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5 - Patch | |
References | () https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b - Patch | |
CWE | CWE-416 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
23 Oct 2024, 15:12
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Oct 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-21 20:15
Updated : 2024-10-23 21:48
NVD link : CVE-2024-50061
Mitre link : CVE-2024-50061
CVE.ORG link : CVE-2024-50061
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-416
Use After Free