A critical vulnerability in the Linux kernel, tracked as CVE-2024-42248, has been identified and resolved. It affects the tty: serial: ma35d1 component. In this article, we explain the vulnerability in detail, show the code snippet that led to it, and describe the remediation. We also provide references for further reading.

The Vulnerability

The vulnerability stems from a missing NULL check for the pdev->dev.of_node variable in the Linux kernel's tty: serial: ma35d1 component. This variable can be NULL if the "serial" node is absent. In that case a NULL pointer dereference may occur, leading to undefined behavior, a potential crash, or exploitation by an attacker.

The Code Snippet

To give you an idea of the code that had this vulnerability, here's a snippet of the affected portion of the Linux kernel's tty: serial: ma35d1 component:

ret = ma35d1_uart_probe(pdev, &console);
if (ret)
	goto free;

list_add_tail(&console->list, &ma35d1_uart_list);

if (console->uart.dev->of_node) {
	tty_port_register_device(&console->port, serial_major,
		       console->uart.line, console->uart.dev);
	ret = platform_get_irq(pdev, 0);
	if (ret < 0) {
		dev_err(&pdev->dev, "failed to get irq\n");
		goto free_parser;
	}
}

As the snippet above shows, the probe path never returns an error when console->uart.dev->of_node is NULL. This causes issues when the "serial" node is absent.

The Patch

In order to resolve this vulnerability, a NULL check has been added to return an error in cases where the "serial" node is absent. The patch for the vulnerability appears as follows:

/* Add this NULL check for of_node */
if (!console->uart.dev->of_node) {
	dev_err(&pdev->dev, "serial node is absent\n");
	ret = -ENODEV;
	goto free;
}

list_add_tail(&console->list, &ma35d1_uart_list);

tty_port_register_device(&console->port, serial_major,
		       console->uart.line, console->uart.dev);

By adding the NULL check before executing further operations, the Linux kernel can now avoid potential crashes and security exploits related to this vulnerability.
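The ordering of that check can be tried outside the kernel with the following userspace model, which is an added example and not code from the kernel or the ma35d1 driver. The struct definitions, model_probe, model_list and model_live_allocs are hypothetical stand-ins; the point shown is that the -ENODEV check runs before the node is read or the console is linked onto the list, so a failed probe leaves nothing allocated or published.

```c
/* Userspace model of the probe error path: stand-in types, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
struct device_node { int line; };                 /* stand-in devicetree node */
struct device { struct device_node *of_node; };
struct platform_device { struct device dev; };
struct model_console { int line; struct model_console *next; };
static struct model_console *model_list;          /* models ma35d1_uart_list */
static int model_live_allocs;                     /* consoles not yet freed */

/* Hypothetical probe: reject a missing node before reading or publishing. */
static int model_probe(struct platform_device *pdev)
{
	struct model_console *console = calloc(1, sizeof(*console));
	int ret;
	if (!console)
		return -ENOMEM;
	model_live_allocs++;
	if (!pdev->dev.of_node) {                 /* "serial" node is absent */
		ret = -ENODEV;
		goto err_free;
	}
	console->line = pdev->dev.of_node->line;  /* would fault if of_node were NULL */
	console->next = model_list;               /* link only a validated console */
	model_list = console;
	return 0;
err_free:
	free(console);
	model_live_allocs--;
	return ret;
}

static int model_list_len(void)
{
	int n = 0;
	for (struct model_console *c = model_list; c; c = c->next)
		n++;
	return n;
}

int main(void)
{
	struct device_node node = { .line = 1 };      /* constructed sample input */
	struct platform_device ok = { { &node } }, bad = { { NULL } };
	int r_ok = model_probe(&ok), r_bad = model_probe(&bad);
	printf("ok=%d bad=%d list=%d live=%d\n", r_ok, r_bad, model_list_len(), model_live_allocs);
	return 0;
}
```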

To learn more about this vulnerability, please refer to the following resources:

1. Official CVE-2024-42248 Details: link
2. Linux Kernel Git Commit for the Resolution: link
3. Linux Kernel Mailing List Discussion: link
4. Nuvoton Technology Corporation Website: link

Conclusion

In this post, we have analyzed CVE-2024-42248, a vulnerability in the Linux kernel's tty: serial: ma35d1 component. We have also provided details regarding the code snippet that caused the vulnerability and the patch that has been implemented to resolve it. To understand more about this issue, feel free to use the references provided in this post.

Timeline

Published on: 08/07/2024 16:15:47 UTC
Last modified on: 11/05/2024 09:39:01 UTC