A double free vulnerability exists in Linux kernel versions prior to 5.18.4 in the 'rpmsg_probe' function, located in drivers/rpmsg/virtio_rpmsg_bus.c. Exploiting this vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service (DoS) condition.

Introduction

A recent security advisory published by NVD has disclosed a double free vulnerability in the Linux kernel (tracked as CVE-2022-34495). The vulnerability exists in the 'rpmsg_probe' function found within the drivers/rpmsg/virtio_rpmsg_bus.c file. Specifically, it may lead to memory corruption, which in turn can enable outcomes such as arbitrary code execution or a denial-of-service attack.

Affected Linux Kernel Versions

This vulnerability affects Linux kernel versions prior to 5.18.4. Users should actively patch their kernel systems to the latest version to mitigate this vulnerability.

Code Snippet Demonstrating the Issue

The following code snippet, taken from the Linux kernel, highlights the faulty code within the 'rpmsg_probe' function:

static int rpmsg_probe(struct virtio_device *vdev)
{
...
    /* some initialization code here */

    if (err) {
        rpmsg_destroy_ept(rvdev->endpoints);
        put_device(&rdev->dev);
    }
...
}

This error path creates a possible double free of the objects referenced by 'rvdev->endpoints' and 'rdev->dev': if either has already been released by the time the error branch runs, it is freed a second time.
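To make the ownership mistake concrete, here is an added userspace model of the pattern (not kernel code and not the real rpmsg_probe(); the names ept_alloc, device_put and register_device are constructed for illustration): a release callback frees the endpoint when the last reference is dropped, the buggy error path frees it a second time, and the fixed version leaves the release path as the sole owner.

```c
#include <stdbool.h>
/* Constructed userspace model, not kernel code: the endpoint carries a 'freed'
 * flag so a second free is counted rather than corrupting a real heap (a stand-in
 * for the slab double-free report a hardened kernel would give). */
struct endpoint { bool freed; int id; };
struct device   { struct endpoint *ept; int refcount; };
static struct endpoint slot;                  /* single-endpoint allocator */
static int double_free_count;
int double_frees_seen(void) { return double_free_count; }
static struct endpoint *ept_alloc(int id)
{
    slot = (struct endpoint){ .freed = false, .id = id };
    double_free_count = 0;
    return &slot;
}

static void ept_free(struct endpoint *e)
{
    if (e->freed) { double_free_count++; return; }   /* freed twice: the bug */
    e->freed = true;
}

/* Release callback: once registered, the device owns its endpoint. */
static void device_put(struct device *d)
{
    if (--d->refcount == 0 && d->ept)
        ept_free(d->ept);
}

/* Failing registration: drops the reference it was handed, so the endpoint is gone. */
static int register_device(struct device *d)
{
    device_put(d);
    return -1;
}

/* Buggy probe: frees the endpoint again after the release callback already did. */
int probe_buggy(void)
{
    struct device dev = { .ept = ept_alloc(1), .refcount = 1 };
    if (register_device(&dev) == 0)
        return 0;
    ept_free(dev.ept);               /* second free of the same object */
    return -1;
}

/* Fixed probe: ownership moved to the device, so the error path frees nothing. */
int probe_fixed(void)
{
    struct device dev = { .ept = ept_alloc(2), .refcount = 1 };
    if (register_device(&dev) < 0)
        return -1;                   /* device_put() already released it */
    return 0;
}
```

Both probes report the registration failure, but only the buggy one trips the double-free counter; the fix is to stop freeing an object once ownership has been handed to a release callback.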

Exploit Details

An attacker with the ability to control specific code paths can potentially exploit the double free vulnerability. By causing a specific error scenario during the rpmsg_probe execution, an attacker can trigger a double free of memory. This could lead to memory corruption, enabling the attacker to execute arbitrary code on the target system. Additionally, an attacker could use this vulnerability to cause a denial-of-service attack, preventing the target system from functioning as intended.

References

1. CVE-2022-34495 on the National Vulnerability Database (NVD) - https://nvd.nist.gov/vuln/detail/CVE-2022-34495
2. rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c - https://elixir.bootlin.com/linux/v5.17.1/source/drivers/rpmsg/virtio_rpmsg_bus.c#L143

Mitigation and Action

To mitigate this vulnerability, users should patch their Linux kernel to version 5.18.4 or newer. Most major Linux distributions have already released updates addressing this issue, and users should consult their distribution's specific guidance for patching.

Additionally, users should stay informed about security updates and announcements regarding such vulnerabilities in the future. This can be done by subscribing to security mailing lists, periodically checking CVE databases, and engaging with relevant security forums and communities.

Conclusion

In summary, CVE-2022-34495 is a double free vulnerability in the Linux kernel affecting the 'rpmsg_probe' function in drivers/rpmsg/virtio_rpmsg_bus.c. It can potentially be exploited to achieve arbitrary code execution or denial-of-service attacks. Users should immediately patch their systems to a kernel version greater than or equal to 5.18.4 and maintain their security posture by staying informed about future vulnerabilities and updates.

Timeline

Published on: 06/26/2022 16:15:00 UTC
Last modified on: 07/08/2022 03:59:00 UTC