Introduction: CVE-2024-39484 refers to a Linux kernel vulnerability that has recently been resolved. This vulnerability comes from the Linux kernel's MMC (MultiMediaCard) driver implementation for TI's (Texas Instruments) DaVinci platform. In this blog post, we'll explore the details of this vulnerability, discuss its impact on affected systems, and look at the solution that has been implemented to mitigate it. We'll also provide links to the relevant source code and references for further reading.

Background: The Linux kernel is responsible for managing various hardware devices, including MMC devices. The DaVinci platform is a family of processors primarily used in embedded systems, and the Linux kernel supports them through device drivers. The MMC driver for the DaVinci platform can be built as a loadable kernel module (LKM), which means it can be added to or removed from the kernel at runtime, or it can be compiled directly into the kernel image.

Vulnerability Details: The issue arises from the use of the __exit macro on the davinci_mmcsd_remove function in the DaVinci MMC driver. The __exit macro places a function in the exit section, i.e., it marks the function as needed only during the module's removal process. If the driver is built into the kernel (i.e., CONFIG_MMC_DAVINCI=y), the remove function gets discarded. Consequently, when such a device gets unbound (e.g., using sysfs or hotplug), the driver is just removed without the required clean-up being performed. This results in resource leaks and other unexpected behavior.

Here is the original code snippet that caused the vulnerability:

static int __exit davinci_mmcsd_remove(struct platform_device *pdev)
{
   ...
}

Solution and Patch: The issue has been resolved by removing the __exit macro usage and making the remove function part of the .text section. This ensures that the callback will be compiled unconditionally, allowing the clean-up process to take place properly.

Here is the patched code snippet:

static int davinci_mmcsd_remove(struct platform_device *pdev)
{
   ...
}

With this modification, the resource leak issue is resolved and the reported modpost warning is also fixed:

WARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in reference: davinci_mmcsd_driver+0x10 (section: .data) -> davinci_mmcsd_remove (section: .exit.text)

This warning no longer appears in the build logs.
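
The check below is an added example, not code from the kernel tree or from this post: it scans driver source for remove or shutdown callbacks that point at functions annotated with __exit, which is the pattern described above. The sample source is constructed, and the struct body using __exit_p() is an assumption, since the post shows only the function signature.

```python
import re

# A definition annotated with __exit, e.g. "static int __exit foo_remove(".
EXIT_DEF = re.compile(r"\b__exit\b[\w\s*]*?\b(\w+)\s*\(")
# A driver-struct callback slot, optionally wrapped in __exit_p().
CALLBACK = re.compile(r"\.(remove\w*|shutdown)\s*=\s*(__exit_p\s*\(\s*)?(\w+)")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def _blank(match):
    # Replace a comment with blanks but keep newlines so line numbers hold.
    return re.sub(r"[^\n]", " ", match.group(0))


def find_exit_callbacks(source):
    """Return (line, field, function, wrapped_in_exit_p) for each driver
    callback that points at a function placed in the exit section."""
    code = COMMENT.sub(_blank, source)
    exit_funcs = set(EXIT_DEF.findall(code))
    findings = []
    for m in CALLBACK.finditer(code):
        field, wrapped, func = m.group(1), bool(m.group(2)), m.group(3)
        if func in exit_funcs:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, field, func, wrapped))
    return findings


# Constructed input: the pre-fix shape described in the post. The struct body
# is an assumption; the post shows only the function signature.
BEFORE = (
    "static int __exit davinci_mmcsd_remove(struct platform_device *pdev)\n"
    "{\n"
    "\treturn 0; /* clean-up elided */\n"
    "}\n"
    "static struct platform_driver davinci_mmcsd_driver = {\n"
    "\t.remove = __exit_p(davinci_mmcsd_remove),\n"
    "};\n"
)
# Post-fix shape: no __exit annotation, callback referenced directly.
AFTER = BEFORE.replace("__exit_p(davinci_mmcsd_remove)", "davinci_mmcsd_remove")
AFTER = AFTER.replace("__exit ", "")

if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER)):
        print(label, find_exit_callbacks(src))
```

A hit with wrapped_in_exit_p set means the callback becomes NULL in a built-in kernel; a hit without it is a direct reference into .exit.text of the kind modpost reports. The match is textual, so treat hits as candidates to confirm against the build output.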

Conclusion: The CVE-2024-39484 vulnerability posed potential risks to Linux systems using the MMC driver on TI's DaVinci platform. Fortunately, the problem has been resolved, and proper clean-up processes are now executed when the driver gets removed. Developers and users should make sure they apply the latest patches and updates to keep their systems secure.

References and Further Reading

- Linux kernel source tree
- Commit link for the patch

Timeline

Published on: 07/05/2024 07:15:10 UTC
Last modified on: 07/15/2024 06:50:20 UTC