CVE-2024-27038: Linux Kernel Vulnerability Resolved - clk: Fix clk_core_get NULL Dereference

The Linux kernel is the heart of any Linux-based operating system, and it's essential to keep it up-to-date and secure. In this post, we'll discuss a recently resolved vulnerability in the Linux kernel: CVE-2024-27038. This vulnerability is related to the 'clk' subsystem, and it could lead to a NULL dereference issue, potentially resulting in a system crash or other unintended behavior.

Vulnerability Details

The vulnerability is in the 'clk_core_get' function, where it's possible for the function to dereference a NULL pointer in a specific sequence of calls. The issue arises when '__clk_get_hw()' returns NULL, which is then subsequently dereferenced by 'clk_core_get()' at the 'hw->core' location.

This NULL dereference issue was not present prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups"), where the check 'IS_ERR_OR_NULL()' would have caught the NULL value.

To address this vulnerability, the 'clk_core_get' function has been updated to check for the 'hw' pointer before dereferencing it, and return NULL if 'hw' is NULL.

Here's a simple code snippet that demonstrates the updated 'clk_core_get' function

struct clk_core *clk_core_get(struct clk_hw *hw)
{
    if (!hw) {
        return NULL;
    }
    return hw->core;
}

This new implementation ensures that the 'hw' pointer is checked before dereferencing it, effectively eliminating the NULL dereference issue.

Original References

For more information on this vulnerability and its resolution, please refer to the following resources:

1. Commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups"): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dde4eff47c82
2. Linux Kernel Mailing List (LKML) discussion on the issue: https://lkml.org/lkml/2024/3/15/564
3. CVE-2024-27038 on the National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2024-27038

Conclusion

In summary, the Linux kernel vulnerability CVE-2024-27038, which could lead to a NULL dereference issue in the 'clk_core_get' function, has been resolved. By checking for the 'hw' pointer before dereferencing it and returning NULL if it is NULL, this vulnerability has been successfully mitigated. Make sure to update your Linux kernel to the latest version to include this important security fix.

Timeline

Published on: 05/01/2024 13:15:49 UTC
Last modified on: 06/25/2024 21:15:58 UTC