A recently discovered vulnerability in the Linux kernel has been resolved in the latest patch. The vulnerability, designated as CVE-2021-46962, was found in the Uniphier SD/MMC host controller driver (mmc: uniphier-sd), specifically affecting the remove function. This post will provide an overview of the vulnerability, a code snippet demonstrating the fix, links to original references, and details about the exploit.

Description

In the Linux kernel, the mmc: uniphier-sd driver is responsible for handling SD and MMC cards on Uniphier System-on-a-Chip (SoC) platforms. A resource leak was identified in the remove function due to a missing tmio_mmc_host_free() call, which is supposed to balance a tmio_mmc_host_alloc() call made during the probe process. While the missing call was properly handled in the error handling path of the probe, it was not present in the remove function.

Exploit Details

The vulnerability involves a resource leak in the Uniphier SD/MMC host controller driver in the Linux kernel. Because the remove function lacks the necessary call to tmio_mmc_host_free(), resources may not be correctly released when the driver is unloaded. This can lead to memory leaks or other undesirable side effects. An attacker with sufficient access may exploit this vulnerability to cause a denial of service (DoS) through resource exhaustion.

Patch/Fix

To resolve this vulnerability, the missing tmio_mmc_host_free() call should be added to the remove function in the Uniphier SD/MMC host controller driver. Below is the code snippet demonstrating the fix:

static void uniphier_sd_remove(struct platform_device *pdev)
{
     struct tmio_mmc_host *host = platform_get_drvdata(pdev);

     tmio_mmc_host_remove(host);
+    tmio_mmc_host_free(host);
}
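
Review bot: in uniphier_sd_remove(), the new tmio_mmc_host_free(host) is correctly placed after tmio_mmc_host_remove(host), but nothing at the call site says which allocation it balances. Add a one-line comment that it pairs with the tmio_mmc_host_alloc() made in probe, and check that the remove path releases things in the same order as probe's error path, so the two teardown paths cannot drift apart again.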

With this adjustment, tmio_mmc_host_free() is called in the remove function, ensuring that resources are properly released and preventing the memory leak and its potential exploitation by malicious actors.
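
The probe/remove imbalance described above can be reproduced in a small userspace model. This is an added example, not code from the kernel or the driver. Every name in it (model_host, model_probe, model_remove, leaked_after_cycles) is a hypothetical stand-in, and it counts outstanding allocations across repeated bind/unbind cycles with and without the free in remove.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model. All names are hypothetical stand-ins, not kernel APIs. */
struct model_host { char state[256]; };
static long live_hosts;   /* hosts allocated and not yet freed */

static struct model_host *model_host_alloc(void)
{
    struct model_host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void model_host_free(struct model_host *h) { free(h); live_hosts--; }

/* probe(): allocate, then run a later setup step that may fail. */
static struct model_host *model_probe(int later_step_fails)
{
    struct model_host *h = model_host_alloc();
    if (h && later_step_fails) {
        model_host_free(h);   /* error path balances the alloc */
        return NULL;
    }
    return h;
}

/* remove(): fixed == 0 models the code before the fix, which never frees. */
static void model_remove(struct model_host *h, int fixed)
{
    if (fixed)
        model_host_free(h);
}

/* Bind and unbind `cycles` times; return how many hosts are still allocated. */
long leaked_after_cycles(int cycles, int probe_fails, int fixed)
{
    live_hosts = 0;
    for (int i = 0; i < cycles; i++) {
        struct model_host *h = model_probe(probe_fails);
        if (h)
            model_remove(h, fixed);
    }
    return live_hosts;
}

int main(void)
{
    printf("before: %ld leaked, after: %ld leaked\n", leaked_after_cycles(100, 0, 0), leaked_after_cycles(100, 0, 1));
    return 0;
}
```

The same per-cycle counting idea is how a leak of this kind shows up in testing: memory that grows by a fixed amount on every unbind and rebind of the device points to a remove path that does not mirror probe.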

Original References

1. Linux Kernel Mailing List (LKML) patch submission: https://lkml.org/lkml/2021/10/14/350
2. Linux Kernel Git repository commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8e56d1714cc29a5bec30afe987dd486556d621a
3. CVE Details: https://www.cvedetails.com/cve/CVE-2021-46962/

Conclusion

CVE-2021-46962 represents a vulnerability within the Linux kernel, specifically involving the mmc: uniphier-sd driver. With the patch described above, the resource leak concern stemming from a missing tmio_mmc_host_free() call in the remove function has been addressed. Users are advised to update to the latest kernel version in order to protect their systems against potential exploitation or memory leak issues related to this vulnerability.

Timeline

Published on: 02/27/2024 19:04:06 UTC
Last modified on: 02/28/2024 14:06:45 UTC