CVE-2024-50084: Linux Kernel Vulnerability Resolved in Net: Microchip: VCAP API

In the Linux kernel, a vulnerability has been identified and resolved that affects the net: microchip: vcap api subsystem. The vulnerability was found in the vcap_api_encode_rule_test() function. An earlier commit a3c1e45156ad, which fixed a use-after-free error, inadvertently introduced memory leaks. This issue has now been fixed by adding necessary vcap_free_rule() calls.

Details

The memory leaks occurred due to the removal of vcap_free_rule() that resulted in unreferenced objects accumulating in the kernel's memory. This issue could potentially lead to Denial of Service (DoS) attacks or further exploitation of the kernel processes.

These memory leaks were detected in the following kernel objects and backtraces

unreferenced object xffffff80ca58b700 (size 192):
...
unreferenced object xffffff80ccb040 (size 64):
...
unreferenced object xffffff80ccb070 (size 64):
...
unreferenced object xffffff80ccb090 (size 64):
...
unreferenced object xffffff80ccb098 (size 64):

To resolve the issue, the missing vcap_free_rule() calls were added to the appropriate sections within the vcap_api_encode_rule_test() function. By adding these calls, the kernel can now successfully reclaim the allocated memory and prevent memory leaks.

Links to Original References

* Linux Kernel Repository (Commit a3c1e45156ad)
* [Linux Kernel Mailing List Archive](
http://lkml.org/lkml/2022/5/7/32)

Conclusion

This CVE-2024-50084 vulnerability within the Linux kernel's net: microchip: vcap api subsystem has now been resolved. Kernel developers and maintainers are recommended to review the provided links for further details and ensure that their systems are updated accordingly. By addressing this issue, the potential for DoS attacks or system exploitation due to memory leaks can be significantly reduced.

Timeline

Published on: 10/29/2024 01:15:05 UTC
Last modified on: 10/30/2024 14:56:07 UTC