A recent vulnerability concerning the Linux kernel has been identified and fixed. The issue was found in the uart_shutdown() function, in which a potentially unsafe Universal Asynchronous Receiver Transmitter (UART) port was accessed. This article will provide an in-depth explanation of the vulnerability, its potential implications, the related code snippet, and links to original references.
Description:
The vulnerability concerns the protection of uart_port_dtr_rts() in uart_shutdown(). The issue relates to commit af224ca2df29, titled "serial: core: Prevent unsafe uart port access, part 3", which added several "uport == NULL" checks, including one in uart_shutdown(). However, an unprotected "uart_port_dtr_rts(uport, false);" call was still present after that commit. The call is only invoked if HUPCL is set, which may explain the scarcity of reports of the problem.
The following simplified code snippet shows the vulnerability prior to being rectified:
void uart_shutdown(struct tty_struct *tty)
{
    …
    if (uport != NULL) {
        …
    }
    uart_port_dtr_rts(uport, false);    /* not covered by the NULL check */
    …
}
As this snippet shows, the "uart_port_dtr_rts(uport, false);" call is not covered by the NULL check on "uport". The call would therefore still be made even if "uport" is NULL, which poses a potential risk.
Resolution
To resolve this issue, the "uart_port_dtr_rts(uport, false);" call was placed under the NULL check so that it is only executed when "uport" is not NULL. The corrected code follows:
void uart_shutdown(struct tty_struct *tty)
{
    …
    if (uport == NULL)
        return;
    if (uport->flags & UPF_BOOT_AUTOCONF)
        uart_port_dtr_rts(uport, false);
    …
}
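The pattern described above, as an added illustration that is neither kernel code nor code from the original page: a userspace C model in which one use of a possibly-NULL port is guarded while the HUPCL-only call is not, next to the form that keeps every use under the check. The struct, the function names and the null_accesses counter are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed userspace model; not kernel code. Names are hypothetical. */
struct uart_port { bool dtr_rts; };

static int null_accesses; /* calls that would have dereferenced NULL */

/* Stand-in for uart_port_dtr_rts(), which dereferences uport. */
static void model_dtr_rts(struct uart_port *uport, bool active)
{
    if (uport == NULL) { /* instrumentation: record instead of crashing */
        null_accesses++;
        return;
    }
    uport->dtr_rts = active;
}

/* Before: one use of uport is guarded, the HUPCL-only call is not. */
static void shutdown_before(struct uart_port *uport, bool hupcl)
{
    if (uport != NULL)
        (void)uport->dtr_rts; /* guarded access */
    if (hupcl)
        model_dtr_rts(uport, false);
}

/* After: every use of uport sits behind the same NULL check. */
static void shutdown_after(struct uart_port *uport, bool hupcl)
{
    if (uport == NULL)
        return;
    (void)uport->dtr_rts;
    if (hupcl)
        model_dtr_rts(uport, false);
}

/* Run one variant and report how many NULL accesses it attempted. */
int count_null_accesses(bool fixed, bool port_present, bool hupcl)
{
    struct uart_port port = { .dtr_rts = true };
    struct uart_port *uport = port_present ? &port : NULL;

    null_accesses = 0;
    if (fixed)
        shutdown_after(uport, hupcl);
    else
        shutdown_before(uport, hupcl);
    return null_accesses;
}
```

Only the combination of a missing port and HUPCL reaches the unguarded call in the "before" variant, which matches the article's remark that reports of the problem are scarce.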
Links to original references
1. Linux Kernel Git Commit: "serial: core: Prevent unsafe uart port access, part 3"
2. Coverity Scan Report for Linux Kernel (CID 158513)
Conclusion
The Linux Kernel vulnerability (CVE-2024-50058) in uart_shutdown(), which led to potential unsafe Universal Asynchronous Receiver Transmitter (UART) port access, has now been resolved. The code has been updated to ensure that the risk is mitigated, providing users with continued confidence in the stability and security of the Linux kernel. As always, when dealing with software vulnerabilities, it is essential to stay vigilant, update your systems, and ensure that you are running the latest version of the Linux kernel.
Timeline
Published on: 10/21/2024 20:15:17 UTC
Last modified on: 10/24/2024 03:56:53 UTC