A vulnerability in the Linux kernel that affects certain Dell Venue 714 tablets when they are undocked from the keyboard has recently been fixed. The vulnerability concerns the ACPI notification handler and its protection against recursion. This post covers the details of the vulnerability, the code snippet for the fix, and links to the original references.

Vulnerability Details

The vulnerability, which has been assigned CVE-2024-44937, is in the notify handler of the Linux kernel's platform/x86 intel-vbtn code. It arises from a race condition that could register priv->switches_dev twice, causing multiple error messages and serious issues, including a NULL pointer dereference.

Fix Details

The vulnerability has been fixed by adding a mutex to protect the intel-vbtn notify_handler() from racing with itself. Below is the code snippet for the fix:

static int intel_vbtn_notify(struct notifier_block *nb,
			     unsigned long val, void *data)
{
	struct intel_vbtn_priv *priv =
		container_of(nb, struct intel_vbtn_priv, pm_nb);
	struct acpi_bus_event *event = data;

	/* Ignore events that are not for the "switch" device class. */
	if (strcmp(event->device_class, "switch") != 0)
		return 0;

	/* Serialize the handler so that it cannot race with itself. */
	mutex_lock(&priv->input_dev_lock);
	if (priv->switches_dev) {
		intel_vbtn_process_switch(priv);
	} else {
		/*
		 * If we received the notification before input_dev got
		 * created (which can happen), just note that it's happened
		 * and we'll create the switch device when input_dev gets
		 * created.
		 */
		priv->event_not_handled = true;
	}
	mutex_unlock(&priv->input_dev_lock);
	return 0;
}
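
The check-then-register race described under Vulnerability Details, and the effect of the mutex, can be checked in user space. The following C model is an added example, not code from the kernel or from the patch; struct state, step(), explore() and max_registrations() are hypothetical names. It enumerates every interleaving of two concurrent notifications and returns the worst-case number of device registrations.

```c
#include <stdbool.h>

/* User-space model with hypothetical names; this is not kernel code. */
enum { ACQUIRE, CHECK, REGISTER, RELEASE, DONE };
struct state {
	bool lock_held;       /* the mutex the fix adds */
	bool dev_registered;  /* models priv->switches_dev != NULL */
	int registrations;    /* how many times the device got registered */
	struct { int pc; bool saw_null; } h[2]; /* two notifications in flight */
};

/* Run one step of handler i; false means it is blocked or finished. */
static bool step(struct state *s, int i, bool use_lock)
{
	int pc = s->h[i].pc;
	if (pc == DONE || (pc == ACQUIRE && use_lock && s->lock_held))
		return false;                 /* finished, or waiting for the mutex */
	if (pc == ACQUIRE) {
		s->lock_held = use_lock;
	} else if (pc == CHECK) {
		s->h[i].saw_null = !s->dev_registered;
	} else if (pc == REGISTER && s->h[i].saw_null) {
		s->dev_registered = true;     /* acts on a possibly stale check */
		s->registrations++;
	} else if (pc == RELEASE) {
		s->lock_held = false;
	}
	s->h[i].pc++;
	return true;
}

/* Explore every interleaving and return the worst-case registration count. */
static int explore(struct state s, bool use_lock)
{
	int worst = s.registrations;
	for (int i = 0; i < 2; i++) {
		struct state next = s;
		if (step(&next, i, use_lock)) {
			int r = explore(next, use_lock);
			if (r > worst) worst = r;
		}
	}
	return worst;
}

int max_registrations(bool use_lock)
{
	return explore((struct state){0}, use_lock);
}
```

Without the lock, the schedule in which both handlers run CHECK before either runs REGISTER registers the device twice; with the lock held across both steps, no schedule does.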

Original References

- Vulnerability and Patch details: LKML link

Exploit Details

In the wild, attackers could potentially exploit this vulnerability by undocking a Dell Venue 714 tablet from the keyboard and rapidly inducing the race condition. This could cause system instability and crashes, and expose the affected system to a kernel NULL pointer dereference, which could potentially lead to privilege escalation and denial of service.

The fix, which adds a mutex to protect against recursion, should prevent this exploit and improve overall stability and security.

Conclusion

The Linux kernel vulnerability, CVE-2024-44937, has been fixed with a code update that ensures proper thread synchronization by using a mutex. Users of affected devices, particularly Dell Venue 714 tablets, should make sure they are running the latest version of the kernel with the patch applied to avoid any potential issues and protect the device against potential exploitation.

Timeline

Published on: 08/26/2024 11:15:05 UTC
Last modified on: 08/27/2024 16:10:11 UTC