i3c:master:cdns:修复 cdns_i3c_master 驱动程序中因竞争条件导致的释放后使用漏洞(CVE-2024-50061)
CVE编号
CVE-2024-50061利用情况
暂无补丁情况
N/A披露时间
2024-10-22漏洞描述
In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | i3c_master_unregister(&master->base) | device_unregister(&master->dev) | device_release | //free master->base | | i3c_master_do_daa(&master->base) | //use master->base Fix it by ensuring that the work is canceled before proceeding with the cleanup in cdns_i3c_master_remove.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。受影响软件情况
# | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
1 | |||||||||
---|---|---|---|---|---|---|---|---|---|
运行在以下环境 | |||||||||
系统 | linux | linux_kernel | * | Up to (excluding) 6.6.57 | |||||
运行在以下环境 | |||||||||
系统 | linux | linux_kernel | * | From (including) 6.7 | Up to (excluding) 6.11.4 |
- 攻击路径 本地
- 攻击复杂度 高
- 权限要求 低
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 高
- 完整性 高
CWE-ID | 漏洞类型 |
CWE-416 | 释放后使用 |
Exp相关链接

版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论