Bugzilla – Bug 1225831
VUL-0: CVE-2024-36932: kernel: thermal/debugfs: Prevent use-after-free from occurring after cdev removal
Last modified: 2024-06-04 12:16:28 UTC
In the Linux kernel, the following vulnerability has been resolved:

thermal/debugfs: Prevent use-after-free from occurring after cdev removal

Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL.

If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash.

Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL.

Cc :6.8+ <stable@vger.kernel.org> # 6.8+

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-36932
https://git.kernel.org/pub/scm/linux/security/vulns.git/plain/cve/published/2024/CVE-2024-36932.mbox
https://git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481
https://git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da
https://www.cve.org/CVERecord?id=CVE-2024-36932
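The locking change described in the report above, as a userspace model added here; it is not the kernel's code and not part of the original report. pthread mutexes stand in for cdev->lock, every model_* name is hypothetical, and the model assumes the update path already runs with the lock held.

```c
#include <pthread.h>
#include <stdlib.h>

/* Userspace model of the pattern; every name here is hypothetical. */
struct model_debugfs { unsigned long transitions; };
struct model_cdev {
    pthread_mutex_t lock;          /* stands in for cdev->lock */
    struct model_debugfs *debugfs; /* stands in for cdev->debugfs */
};

/* Assumption: the update path holds the cdev lock, so the NULL check and the
 * dereference share one critical section. 0 = updated, -1 = already detached. */
int model_state_update(struct model_cdev *cdev)
{
    int ret = -1;
    pthread_mutex_lock(&cdev->lock);
    if (cdev->debugfs) {
        cdev->debugfs->transitions++;
        ret = 0;
    }
    pthread_mutex_unlock(&cdev->lock);
    return ret;
}

/* Removal checks and resets the pointer under the lock and frees afterwards.
 * Only the caller that saw a non-NULL pointer frees it. 1 = freed, 0 = no-op. */
int model_remove(struct model_cdev *cdev)
{
    struct model_debugfs *dbg;
    pthread_mutex_lock(&cdev->lock);
    dbg = cdev->debugfs;
    cdev->debugfs = NULL;
    pthread_mutex_unlock(&cdev->lock);
    if (!dbg)
        return 0;
    free(dbg);
    return 1;
}

/* Constructed sequence: update, remove, remove again, update again (0xF = all as expected). */
int model_scenario(void)
{
    struct model_cdev c = { PTHREAD_MUTEX_INITIALIZER, calloc(1, sizeof(struct model_debugfs)) };
    int r = (model_state_update(&c) == 0);
    r |= (model_remove(&c) == 1) << 1;
    r |= (model_remove(&c) == 0) << 2;
    r |= (model_state_update(&c) == -1) << 3;
    return r;
}
```

Because the pointer is cleared before the lock is dropped, a second removal and any later update both see NULL and return without touching the freed object.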
Debugfs is not a production-enabled and recommended debugging interface. Bugs are common and to be expected. Only privileged users should have access; otherwise the system is misconfigured. This is not considered a security problem.
All done, closing.