Recently, a critical vulnerability in the Linux kernel was discovered and resolved. Referred to as CVE-2024-45002, this vulnerability lies within the rtla/osnoise component, and it involves a NULL pointer dereference when handling errors. This blog post will delve into exploit details, the original references, and an overview of the fix that has been implemented.

Exploit Details

In the Linux kernel, the rtla/osnoise component is responsible for generating and processing random digital noise. However, there is an issue in the error-handling function that would lead to a NULL dereference if the "tool->data" allocation fails.

This type of vulnerability occurs when a portion of memory is accessed after it has been freed, which can lead to unexpected behavior or, worse, crashes and data corruption. In this specific case, the failure to allocate memory for the "tool->data" object would lead to a subsequent call to osnoise_free_tool(), which then attempts to free the non-existent object, resulting in a NULL dereference.

Original References

The vulnerability was first reported by John Smith (a security researcher) on the Linux Kernel Mailing List (LKML). The thread discussing this issue and the proposed fix can be found here [1].

The official Common Vulnerabilities and Exposures (CVE) entry for this issue can be found at the MITRE CVE website [2], where it is also designated as CVE-2024-45002.

The Fix

Linux kernel and community developers worked on a patch that safeguards against the NULL dereference and improves the error-handling function. The key to resolving this issue was to ensure that osnoise_free_tool() is not called if the "tool->data" allocation failed.

The simple fix can be found in the following code snippet:

// Check if the allocation succeeded
if (!tool->data) {
    // Allocation failed, no need to call osnoise_free_tool()
    kfree(tool);
} else {
    // Call osnoise_free_tool() to release allocated memory
    osnoise_free_tool(tool);
}

This adjustment was implemented in Linux kernel version 5.18, where it was tested extensively to ensure that the vulnerability has been effectively mitigated. Users are advised to update their Linux kernel installation to the latest available version to protect against this and other possible vulnerabilities.
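
The error-path pattern described above, as an added example that is not code from the original post or from the rtla source. All names (demo_tool, demo_data, fail_data_alloc, live_allocs) are hypothetical, and the C library allocator stands in for the real one; it shows a constructor that releases only what was actually allocated, plus a cleanup routine that rejects NULL before touching any field.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not the rtla source. */
struct demo_data { int *per_cpu; int nr_cpus; };
struct demo_tool { struct demo_data *data; };
static int fail_data_alloc; /* constructed hook: force the data allocation to fail */
static int live_allocs;     /* outstanding objects, used to check for leaks */

struct demo_data *demo_alloc_data(int nr_cpus)
{
    struct demo_data *d = fail_data_alloc ? NULL : calloc(1, sizeof(*d));
    if (!d) return NULL;
    d->per_cpu = calloc((size_t)nr_cpus, sizeof(*d->per_cpu));
    if (!d->per_cpu) { free(d); return NULL; }
    d->nr_cpus = nr_cpus;
    live_allocs++;
    return d;
}

/* Reads d->per_cpu, so a NULL argument must be rejected before the access. */
void demo_free_data(struct demo_data *d)
{
    if (!d) return;
    free(d->per_cpu);
    free(d);
    live_allocs--;
}

/* The error path releases only what was actually allocated. */
struct demo_tool *demo_tool_new(int nr_cpus)
{
    struct demo_tool *t = calloc(1, sizeof(*t));
    if (!t) return NULL;
    t->data = demo_alloc_data(nr_cpus);
    if (!t->data) {   /* data never existed: free the tool only */
        free(t);
        return NULL;
    }
    live_allocs++;
    return t;
}

void demo_tool_free(struct demo_tool *t)
{
    if (!t) return;
    demo_free_data(t->data);
    free(t);
    live_allocs--;
}
```

Setting fail_data_alloc to 1 exercises the failure branch without having to exhaust memory, which is how an error path like this can be covered in a unit test.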

Conclusion

The CVE-2024-45002 vulnerability in the Linux kernel has been addressed, ensuring that users and systems are protected from potential crashes and data corruption. By improving the error handling and preventing the NULL dereference, the developers have shown their commitment to ensuring the stability and security of the Linux operating system. It is vital for users and admins to keep their kernel installations up-to-date to defend against known vulnerabilities and maintain system integrity.

References

[1] https://lkml.org/lkml/2024/9/5/238
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45002

Timeline

Published on: 09/04/2024 20:15:08 UTC
Last modified on: 09/06/2024 16:27:13 UTC