CVE-2024-57904 is a recently discovered flaw in the Linux kernel. It affects the iio: adc: at91 subsystem and concerns an incorrect call to input_free_device() on the allocated iio_dev. This long-read post covers the details of the vulnerability, its implications, and the fix that resolves it, with references to the original sources and code snippets where applicable.

Vulnerability Explanation

Within the Linux kernel, an incorrect implementation of the at91_ts_register() function potentially allows an attacker to cause system crashes, leading to a denial of service. The current implementation calls input_free_device() on st->ts_input, but the 'err' label can be reached before the allocated iio_dev is stored to st->ts_input. The cleanup therefore acts on a field that does not yet refer to the allocation, so input_free_device() should be called on 'input' instead of 'st->ts_input'.

To better understand this vulnerability, let's take a look at the code snippet where this issue occurs:

```c
static int at91_ts_register(struct platform_device *pdev, struct at91_adc_state *st)
{
	/* [...] */

	/* Allocate the touchscreen input device. */
	ts_input = devm_input_allocate_device(&pdev->dev);
	if (!ts_input) {
		dev_err(&pdev->dev, "Failed to allocate TS input device\n");
		return -ENOMEM;
	}
	/* [...] */
}
```
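The error-path pattern described above, modeled in user space as an added example (not the kernel's code and not part of the original post). `fake_input`, `fake_state`, `ts_register()`, the `fixed` flag and the zero-initialized state struct are assumptions of this model. With the field still NULL, the pre-fix cleanup releases nothing and the allocation leaks, while the fixed cleanup releases the local pointer.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-ins for struct input_dev and struct at91_adc_state. */
struct fake_input { int unused; };
struct fake_state { struct fake_input *ts_input; };
static int live_allocs; /* allocations not yet freed */

/* Like input_free_device(), a NULL argument is a no-op. */
static void fake_free(struct fake_input *in)
{
	if (!in)
		return;
	live_allocs--;
	free(in);
}

/* fail_early models a setup step failing before st->ts_input is assigned. */
static int ts_register(struct fake_state *st, int fail_early, int fixed)
{
	struct fake_input *input = calloc(1, sizeof(*input));

	if (!input)
		return -12; /* -ENOMEM */
	live_allocs++;
	if (fail_early)
		goto err;
	st->ts_input = input; /* the field is only valid from here on */
	return 0;
err:
	/* Pre-fix frees the still-NULL field; the fix frees the local. */
	fake_free(fixed ? input : st->ts_input);
	return -22; /* -EINVAL */
}

/* Allocations left behind by one failed registration. */
int leaked_after_failure(int fixed)
{
	struct fake_state st = { NULL }; /* assumption: state starts zeroed */
	int before = live_allocs;

	ts_register(&st, 1, fixed);
	return live_allocs - before;
}

int main(void)
{
	printf("pre-fix leaked: %d\n", leaked_after_failure(0));
	printf("fixed leaked:   %d\n", leaked_after_failure(1));
	return 0;
}
```

When reviewing similar drivers, check every `goto` to a cleanup label against the point where the struct field it frees is first assigned.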
posite iio: adc: at91 directories ref2083e4addd ("iio: adc: at91: Initialize touch screen trigger structure with xff")

Timeline

Published on: 01/19/2025 12:15:23 UTC
Last modified on: 02/02/2025 11:15:12 UTC