CVE-2024-36930 - Linux Kernel Vulnerability Resolved: SPI Null Pointer Dereference Within spi_sync()
A vulnerability in the Linux kernel has been resolved by fixing a null pointer dereference within spi_sync(). This vulnerability, identified as CVE-2024-36930, could potentially cause a system crash or other issues. This post will provide a detailed explanation of the vulnerability, its resolution, and links to original references.
spi: fix null pointer dereference within spi_sync
If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message().
With function inlining disabled, the call stack might look like this:
  _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58
  complete_with_flags from spi_complete+0x8/0xc
  spi_complete from spi_finalize_current_message+0xec/0x184
  spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474
  spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230
  __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4
  __spi_transfer_message_noqueue from __spi_sync+0x204/0x248
  __spi_sync from spi_sync+0x24/0x3c
  spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd]
  mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154
  _regmap_raw_read from _regmap_bus_read+0x44/0x70
  _regmap_bus_read from _regmap_read+0x60/0xd8
  _regmap_read from regmap_read+0x3c/0x5c
  regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd]
  mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd]
  mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78
  irq_thread_fn from irq_thread+0x118/0x1f4
  irq_thread from kthread+0xd8/0xf4
  kthread from ret_from_fork+0x14/0x28
The fix for this vulnerability involves setting message->complete to NULL when the transfer is complete.
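The reuse sequence and the effect of the fix, as an added example that is not the kernel's code or part of the original advisory. It is a simplified userspace C model: struct msg, on_complete, finalize, sync_queued and reuse_message are hypothetical names, and the callback counts a NULL context instead of dereferencing it so the outcome can be reported.

```c
#include <stdio.h>
/* Userspace model of the message-reuse bug; illustrative names, not kernel code. */
struct msg {
    void (*complete)(void *context); /* models message->complete */
    void *context;                   /* models message->context */
};
static int null_ctx_calls; /* callback runs that received context == NULL */
/* Models spi_complete(): the kernel dereferences context unconditionally. */
static void on_complete(void *context)
{
    if (context)
        *(int *)context = 1; /* signal the waiter */
    else
        null_ctx_calls++;    /* this is where the kernel would crash */
}

/* Models spi_finalize_current_message(): run the callback if one is set. */
static void finalize(struct msg *m)
{
    if (m->complete)
        m->complete(m->context);
}

/* Assumed shape of the queued path: install callback, wait, clean up. */
static void sync_queued(struct msg *m, int patched)
{
    int done = 0;
    m->complete = on_complete;
    m->context = &done;
    finalize(m);            /* transfer completes, waiter is signalled */
    if (patched)
        m->complete = NULL; /* the fix described on this page */
    m->context = NULL;      /* &done is about to go out of scope */
}

/* Reuse one message: a queued call, then a call that installs no callback. */
int reuse_message(int patched)
{
    struct msg m = { NULL, NULL };
    null_ctx_calls = 0;
    sync_queued(&m, patched);
    finalize(&m);           /* a stale m->complete would run here */
    return null_ctx_calls;
}

int main(void)
{
    printf("unpatched=%d patched=%d\n", reuse_message(0), reuse_message(1));
}
```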
The following patches have been developed and applied to resolve the vulnerability:
- spi: fix null pointer dereference within spi_sync
- spi: spi_sync: fix a NULL pointer dereference
To ensure the security of your Linux systems, it is recommended to update the kernel to the latest version that includes these patches.
Original References
- Linux kernel mailing list
- CVE-2024-36930: Linux Kernel Spi Fix
Exploit details
There are currently no known exploits for this vulnerability. However, it is always wise to patch and update your systems as soon as possible to prevent potential future attacks.
Timeline
Published on: 05/30/2024 16:15:16 UTC
Last modified on: 06/10/2024 19:20:48 UTC