CVE-2024-35796: Linux Kernel Vulnerability Resolved in net: ll

A recent Linux kernel vulnerability – CVE-2024-35796 – has been identified and resolved in the 'net: ll_temac' function. This post will provide an overview of the issue, including the code snippet at the heart of the problem and details on the exploit. Additionally, we'll outline how it was fixed and link to the original references describing the issue and solution.

Exploit Details

The vulnerability affects the function 'platform_get_resource', which was replaced with the incorrect function 'devm_platform_ioremap_resource_byname'. This incorrect replacement is called using as the name, and it ultimately leads to the 'platform_get_resource_byname' function in the call stack. The issue arises when the null pointer in 'strcmp' is encountered and improperly executed:

if (type == resource_type(r) && !strcmp(r->name, name))

Fix:

To successfully patch this vulnerability, the 'platform_get_resource' function should be replaced with the correct function, 'devm_platform_ioremap_resource'. This allows the code to execute as intended and prevent any issues that might be caused by the null pointer in 'strcmp'.

Further details, alongside original references, can be found in the following sources

1. Linux Kernel Mailing List (LKML) - net: ll_temac: Fix replacement of platform_get_resource
2. Linux Kernel Mailing List (LKML) - PATCH net: ll_temac: replace platform_get_resource with devm_platform_ioremap_resource_and_get_byname

Conclusion

In conclusion, the Linux Kernel vulnerability – CVE-2024-35796 – stemmed from the improper replacement of the 'platform_get_resource' function with the incorrect 'devm_platform_ioremap_resource_byname' function. As a result, this led to a null pointer in 'strcmp', which could potentially be exploited. To resolve this issue, developers should replace the function with the correct 'devm_platform_ioremap_resource'.

Timeline

Published on: 05/17/2024 14:15:11 UTC
Last modified on: 06/25/2024 22:15:30 UTC