CVE-2024-26978: Linux Kernel Vulnerability Resolved in Serial MAX310x Driver to Prevent NULL Pointer Dereference

A vulnerability has been identified and resolved in the Linux kernel. The issue was discovered in the serial driver for the MAX310x family of devices, specifically the MAX14830 device. This vulnerability resulted in a NULL pointer dereference when trying to instantiate the device from userspace. A patch has been applied to address this vulnerability, which includes a check for the validity of the devtype to prevent the error and abort the probe with a meaningful error message.

When attempting to instantiate a MAX14830 device from userspace using the following command

echo max14830 x60 > /sys/bus/i2c/devices/i2c-2/new_device

The Linux kernel experienced a NULL pointer dereference, resulting in an error with the following message:

Unable to handle kernel NULL pointer dereference at virtual address...
...
Call trace:
    max310x_i2c_probe+x48/x170 [max310x]
    i2c_device_probe+x150/x2a
...

This error occurred due to the missing check for the validity of the devtype in the initialization process. The vulnerability has been assigned the CVE identifier CVE-2024-26978.

Resolution

The patch has added a check for the validity of the devtype before proceeding with the probe process. This prevents the NULL pointer dereference error and provides a meaningful error message if the probe fails.

The following code snippet demonstrates the addition of the devtype validity check

if (!of_id || !of_id->data) {
    dev_err(dev, "Failed to obtain device information (%ld)\n", PTR_ERR(of_id));
    return -EINVAL;
}

This patch has been applied to the upstream Linux kernel source, and users are advised to update their kernels to incorporate the fix.

References

1. Linux kernel source code: This link provides the official Linux kernel repository and commit where the vulnerability has been fixed.
2. Linux kernel mailing list discussion: The mailing list discussion highlights the process of identifying and addressing the vulnerability with input from Linux kernel developers and maintainers.
3. CVE-2024-26978: The official CVE entry provides an overview of the vulnerability and links to additional resources.

Conclusion

The CVE-2024-26978 vulnerability has been resolved with a patch to the Linux kernel, preventing potential crashes and improving stability. Users are advised to update their Linux kernels to avoid the risk associated with this NULL pointer dereference issue in the serial MAX310x driver.

Timeline

Published on: 05/01/2024 06:15:15 UTC
Last modified on: 07/03/2024 01:50:11 UTC