i3c:master:cdns:修复 cdns_i3c_master 驱动程序中因竞争条件导致的释放后使用漏洞(CVE-2024-50061)

admin 2024-10-25 00:40:01 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
i3c:master:cdns:修复 cdns_i3c_master 驱动程序中因竞争条件导致的释放后使用漏洞(CVE-2024-50061)

CVE编号

CVE-2024-50061

利用情况

暂无

补丁情况

N/A

披露时间

2024-10-22
漏洞描述
In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://git.kernel.org/stable/c/609366e7a06d035990df78f1562291c3bf0d4a12
https://git.kernel.org/stable/c/687016d6a1efbfacdd2af913e2108de6b75a28d5
https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 linux linux_kernel * Up to (excluding) 6.6.57
运行在以下环境
系统 linux linux_kernel * From (including) 6.7 Up to (excluding) 6.11.4
CVSS3评分 7.0
  • 攻击路径 本地
  • 攻击复杂度 高
  • 权限要求 低
  • 影响范围 未更改
  • 用户交互 无
  • 可用性 高
  • 保密性 高
  • 完整性 高
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-ID 漏洞类型
CWE-416 释放后使用
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论:0   参与:  0