CVE-2024-53075: Linux Kernel Vulnerability "riscv: Prevent a bad reference count on CPU nodes" Resolved

In this long-read post, we dive into the details of a recently resolved vulnerability in the Linux kernel, CVE-2024-53075: "riscv: Prevent a bad reference count on CPU nodes". The bug sits in the kernel's RISC-V architecture code, an architecture widely used in embedded systems. To provide context, we explain the issue, walk through the patch that fixes it, and include the relevant code snippets and links to the original references.

The Bug

The issue lies in how the kernel populates the cache leaves of a CPU, in populate_cache_leaves() in arch/riscv/kernel/cacheinfo.c. The function fetched the CPU's device-tree node at the very beginning. That lookup hands back the node with its reference count incremented, so the caller owes a matching of_node_put(). When ACPI is enabled, however, the function takes the ACPI branch (the cache topology then comes from the ACPI tables rather than from the device tree) and returns early without calling of_node_put() on the node it acquired.

The result is an unbalanced reference count on the CPU device node whenever the function runs with ACPI enabled and the node was found: the count is left one too high, so the node can never be released. Nothing is freed early, so this is a leaked reference rather than a use-after-free, but an unbalanced of_node refcount is exactly the kind of bookkeeping error that kernel reference-count debugging exists to catch, and the kernel project assigns CVEs to fixes of this kind.

Here is the original code, reduced to the lines that matter (elided code is marked with "..."):

int populate_cache_leaves(unsigned int cpu)
{
    /* the reference on the CPU's device-tree node is taken unconditionally... */
    struct device_node *np = of_get_cpu_node(cpu, NULL);
    ...
    if (acpi_disabled) {
        /* device-tree path: walks the cache hierarchy from np */
        ...
    } else {
        /* ACPI path: returns without releasing np, leaving its refcount elevated */
        ...
        return 0;
    }
    ...
    of_node_put(np);    /* ...but only dropped on the device-tree path */
    return 0;
}

The Patch

The fix moves the acquisition of the CPU device node to just after the ACPI block, so the ACPI branch never holds a reference and its early return no longer leaks one; the of_node_put() at the end of the function is now reached by every path that took the reference. The patched function also checks the result of the lookup and returns -ENOENT if no device node was found, instead of walking the cache hierarchy from a NULL pointer.

Here is the patched code, in the same reduced form:

int populate_cache_leaves(unsigned int cpu)
{
    struct device_node *np;
    ...
    if (acpi_disabled) {
        /* device-tree path: take the reference only here, and check it */
        np = of_get_cpu_node(cpu, NULL);
        if (!np)
            return -ENOENT;
        ...
    } else {
        /* ACPI path: holds no reference, so the early return is now correct */
        ...
        return 0;
    }
    ...
    of_node_put(np);    /* balances the of_get_cpu_node() above */
    return 0;
}

With this patch applied, the specific vulnerability (CVE-2024-53075) has been effectively resolved.
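To make the imbalance visible, here is a user-space model of the buggy and the fixed control flow side by side. This is an added example, not code from the kernel or from the patch: struct device_node, of_get_cpu_node() and of_node_put() are stand-ins that keep an explicit counter, the cpu@0 node is constructed inline, and leaked_refs() is a small audit helper written for this post. The two populate_cache_leaves_* functions keep the shape of the snippets above.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/*
 * User-space model of the bug and the fix. This is an added illustration,
 * not kernel code: struct device_node, of_get_cpu_node() and of_node_put()
 * are stand-ins that keep an explicit counter so the imbalance is visible.
 */
struct device_node {
	const char *name;
	int refcount;	/* outstanding references held on this node */
};

/* Stand-in for of_get_cpu_node(): returns the node with one extra reference. */
static struct device_node *of_get_cpu_node(struct device_node *cpu_node, int *thread)
{
	(void)thread;
	if (!cpu_node)
		return NULL;
	cpu_node->refcount++;
	return cpu_node;
}

/* Stand-in for of_node_put(): drops the reference; NULL is a no-op, as in the kernel. */
static void of_node_put(struct device_node *np)
{
	if (np)
		np->refcount--;
}

/*
 * Shape of populate_cache_leaves() before the fix. The reference is taken
 * unconditionally, but the ACPI branch returns without dropping it.
 * 'cpu_node' plays the role of the CPU's device-tree node looked up by cpu id.
 */
static int populate_cache_leaves_buggy(struct device_node *cpu_node, bool acpi_disabled)
{
	struct device_node *np = of_get_cpu_node(cpu_node, NULL);

	if (!acpi_disabled) {
		/* ... cache topology comes from the ACPI tables ... */
		return 0;	/* leaks the reference held in np */
	}
	/* ... walk the device-tree cache hierarchy from np ... */
	of_node_put(np);
	return 0;
}

/*
 * Shape after the fix: the ACPI branch never holds a reference, so every
 * path that calls of_get_cpu_node() also reaches of_node_put(), and a
 * missing CPU node is reported instead of being walked as NULL.
 */
static int populate_cache_leaves_fixed(struct device_node *cpu_node, bool acpi_disabled)
{
	struct device_node *np;

	if (!acpi_disabled) {
		/* ... cache topology comes from the ACPI tables ... */
		return 0;
	}

	np = of_get_cpu_node(cpu_node, NULL);
	if (!np)
		return -ENOENT;
	/* ... walk the device-tree cache hierarchy from np ... */
	of_node_put(np);
	return 0;
}

/*
 * Refcount audit: run one variant once against a constructed cpu@0 node and
 * return how many references it failed to drop (0 means balanced).
 */
static int leaked_refs(int (*populate)(struct device_node *, bool), bool acpi_disabled)
{
	struct device_node cpu0 = { .name = "cpu@0", .refcount = 1 };	/* constructed sample node */
	int before = cpu0.refcount;

	populate(&cpu0, acpi_disabled);
	return cpu0.refcount - before;
}

int main(void)
{
	printf("buggy, ACPI enabled : leaked %d reference(s)\n",
	       leaked_refs(populate_cache_leaves_buggy, false));
	printf("fixed, ACPI enabled : leaked %d reference(s)\n",
	       leaked_refs(populate_cache_leaves_fixed, false));
	printf("fixed, missing node : returns %d (-ENOENT)\n",
	       populate_cache_leaves_fixed(NULL, true));
	return 0;
}
```

Build it with cc -Wall and run it: the buggy variant leaks exactly one reference per call when ACPI is enabled, the fixed variant is balanced in both boot modes, and only the fixed variant refuses to continue when the node is missing. Two caveats carry over to the real kernel. In-kernel of_node_get()/of_node_put() only touch a counter when CONFIG_OF_DYNAMIC is enabled and are empty inlines otherwise, which is why an imbalance like this can stay invisible on many configurations. And newer kernels offer a scope-based cleanup for device-tree nodes (__free(device_node) from include/linux/of.h) that drops the reference on every return path automatically, which removes this class of early-return leak at the source.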

References

1. Linux kernel source code: https://github.com/torvalds/linux
2. CVE-2024-53075 details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53075
3. RISC-V architecture: https://riscv.org/

In conclusion, keeping up with kernel security patches matters for anyone running RISC-V systems, and for ACPI-booted ones in particular here. CVE-2024-53075 is a reference-count imbalance on CPU device nodes: a leaked reference that pins the node for the lifetime of the system rather than a memory-corruption bug, but one that leaves the kernel's refcount bookkeeping wrong. The patch restores the balance, and the NULL check it adds closes a second gap in the same function.

Timeline

Published on: 11/19/2024 18:15:27 UTC
Last modified on: 11/25/2024 13:58:31 UTC