CVE-2024-50137 - Linux Kernel Vulnerability in Reset: StarFive: JH71x Resolved

A vulnerability has been identified and resolved in the Linux kernel that affects the StarFive JH71x series. CVE-2024-50137 is triggered when an empty member of the driver data is accessed on the JH7110 System on a Chip (SoC). This post walks through the details of the vulnerability, its potential impact, and the code change that addresses it, with references to the original sources.

Vulnerability Overview

The issue arises because the "data->asserted" member is NULL on a JH7110 SoC. The problem was introduced by commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver"). Calling reset_control_status on a JH7110 SoC therefore dereferenced that NULL member and produced unexpected errors.

Exploit Details

Since that commit, a NULL pointer (the missing data->asserted member) would be dereferenced whenever the status of a reset line was queried on a JH7110 SoC. An attacker who can trigger that path could crash the system (a denial of service) or, in some cases, escalate privileges on the affected device.

Code Snippet Fix

The fix adds a check to the reset status callback behind reset_control_status, so the function bails out instead of accessing the empty member. The following snippet illustrates the shape of the fix:

#include <linux/bits.h>
#include <linux/errno.h>
#include <linux/io.h>
#include <linux/reset-controller.h>

static int __maybe_unused starfive_reset_status(struct reset_controller_dev *rcdev,
						unsigned long id)
{
	struct starfive_reset_data *data = to_starfive_reset_data(rcdev);

	/*
	 * On a JH7110 SoC the driver data carries no "asserted" table.
	 * Return -EINVAL instead of dereferencing the NULL member.
	 */
	if (!data->reset_config || !data->reset_config[id].asserted)
		return -EINVAL;

	/* Read the status register and isolate this reset line's bit. */
	return readl(data->base + data->reset_config[id].asserted) &
	       BIT(data->reset_config[id].bit);
}

The added "if" condition tests the member for NULL: if either "data->reset_config" or "data->reset_config[id].asserted" is NULL, the function returns an error (-EINVAL) instead of accessing the empty member, which removes the crash and the potential for exploitation.
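As an added illustration, not code from the page or from the kernel driver, the following user-space C model puts the unguarded lookup beside the guarded one from the snippet above and runs both over a constructed register block; the struct and field names (starfive_reset_data, reset_config, asserted, bit) are assumed from the page's snippet, and readl here is a stand-in for the kernel helper.

```c
/* Names starfive_reset_data/reset_config are assumptions from the post's
 * snippet, not the upstream driver; the register block is constructed. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#define BIT(n) (1u << (n))

/* Per-reset entry: offset of the register holding the "asserted" bit (0
 * models the missing member) and the bit index within that register. */
struct starfive_reset_config {
	unsigned long asserted;
	unsigned int bit;
};

struct starfive_reset_data {
	uint8_t *base;                                     /* fake MMIO block */
	const struct starfive_reset_config *reset_config;  /* NULL on JH7110 */
};

static uint32_t readl(const uint8_t *a)   /* stand-in: 32-bit LE load */
{
	return a[0] | (uint32_t)a[1] << 8 | (uint32_t)a[2] << 16 | (uint32_t)a[3] << 24;
}

/* Pre-fix shape: trusts reset_config blindly, so it dereferences NULL when
 * the driver data carries no table. Only call it with a non-NULL config. */
static int starfive_reset_status_unguarded(const struct starfive_reset_data *d,
					   unsigned long id)
{
	return !!(readl(d->base + d->reset_config[id].asserted) &
		  BIT(d->reset_config[id].bit));
}

/* Post-fix shape from the post: reject the empty member with -EINVAL. */
static int starfive_reset_status_guarded(const struct starfive_reset_data *d,
					 unsigned long id)
{
	if (!d->reset_config || !d->reset_config[id].asserted)
		return -EINVAL;
	return !!(readl(d->base + d->reset_config[id].asserted) &
		  BIT(d->reset_config[id].bit));
}

/* Constructed sample: register at offset 4 holds 0x05 (bits 0 and 2 set). */
static uint8_t sample_regs[16] = { [4] = 0x05 };
static const struct starfive_reset_config sample_cfg[] = {
	{ .asserted = 4, .bit = 2 },  /* id 0: asserted */
	{ .asserted = 4, .bit = 1 },  /* id 1: deasserted */
	{ .asserted = 0, .bit = 0 },  /* id 2: empty member */
};
```

With a NULL reset_config (the JH7110 case) only the guarded variant can be called safely; the unguarded one reproduces the crash the fix removes.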

Original References

For more information about this Linux kernel vulnerability and the corresponding fix, check out the following references:

1. Linux Kernel Commit
2. Linux Kernel Mailing List

Conclusion

In conclusion, CVE-2024-50137 in the Linux kernel has been resolved by adding a check that avoids errors when reset_control_status is called on the JH7110 SoC. Users running StarFive JH71x series devices should apply the patch to protect their systems against potential exploits, and should check for Linux kernel updates regularly and apply them promptly to maintain the security and stability of their systems.

Timeline

Published on: 11/05/2024 18:15:16 UTC
Last modified on: 11/08/2024 14:29:05 UTC