CVE-2024-27027: Linux Kernel DPLL Vulnerability Resolved - dpll: fix dpll_xa_ref_*_del() for Multiple Registrations

The Linux kernel is the underlying core of Linux operating systems, and ensuring its security is of utmost importance. Vulnerabilities within the kernel can lead to severe consequences if exploited. A recent vulnerability, assigned with the identifier CVE-2024-27027, has been discovered that affects the Dynamic Phase Locked Loop (DPLL) subsystem of the Linux kernel.

The issue arises when there are multiple registrations of the same pin on the same DPLL device. This causes warnings to be observed within the dpll_core.c file at lines 143 and 223.

To illustrate the problem, here is a code snippet related to the warnings

WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:143 dpll_xa_ref_pin_del.isra.+x21e/x230
WARNING: CPU: 5 PID: 2212 at drivers/dpll/dpll_core.c:223 __dpll_pin_unregister+x2b3/x2c

The crux of the issue stems from the fact that both dpll_xa_ref_dpll_del() and dpll_xa_ref_pin_del() functions only remove registrations from the list when the reference count drops to zero. This method is incorrect; the registration must always be removed.

To fix this vulnerability, the registration needs to be removed from the list and freed unconditionally, as opposed to only when the reference counter reaches zero. This solution ensures that the Linux kernel remains secure and functional even when dealing with multiple registrations.

This issue has been addressed in the Linux kernel with the following patch

diff --git a/drivers/dpll/dpll_core.c b/drivers/dpll/dpll_core.c
...
-       if (!--reg->ref)
-               list_del(&reg->list);
+       list_del(&reg->list);
...
-       if (!--reg->ref)
-               list_del(&reg->list);
+       list_del(&reg->list);

Original references to the vulnerability and its resolution can be found at the following links

1. Linux kernel patch mailing list
2. Linux kernel Git repository - commit

In conclusion, this vulnerability (CVE-2024-27027) concerning multiple registrations in the DPLL subsystem of the Linux kernel has been identified and resolved. The patch provided removes registrations from the list unconditionally, thereby addressing the issue and maintaining the security and functionality of the Linux kernel. Users and developers are encouraged to apply the patch to ensure their Linux systems remain protected.

Timeline

Published on: 05/01/2024 13:15:48 UTC
Last modified on: 05/29/2024 05:27:16 UTC