A new vulnerability has been identified and resolved in the Linux kernel. CVE-2021-46966 pertains to a potential use-after-free issue in the ACPI custom_method, specifically within the cm_write() function. This blog post will discuss the details of the vulnerability, provide a code snippet demonstrating the fix, and offer links to the original references for more in-depth information.

Details of the Vulnerability

The vulnerability in the Linux kernel, CVE-2021-46966, arises from a potential use-after-free issue in the ACPI custom_method. This problem occurs in the cm_write() function, which is responsible for writing data to an ACPI table. When the requested count is less than table.length, the allocated buffer (buf) is freed. However, subsequent calls to cm_write() still attempt to access the freed buffer, leading to a use-after-free situation.
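
To make that sequence concrete, here is a constructed C model of the stale-pointer pattern just described, added for this post; it is not the kernel's code and not the patch discussed below. The function and variable names (`cm_write_model()`, `scenario()`, the 256-byte stand-in heap, the -1 sentinel) are assumptions of the model, and `fixed` selects the hardened variant that clears the pointer right after freeing it.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of the cm_write() state machine, not the kernel's code.
 * One fixed block stands in for the heap and `live` replaces real freeing,
 * so a write through a dangling pointer is detected instead of being UB. */
static unsigned char heap_block[256];
static int live;

static void *model_kzalloc(size_t n) {
    if (n > sizeof heap_block) return NULL;
    memset(heap_block, 0, n); live = 1;
    return heap_block;
}
static void model_kfree(void *p) { if (p) live = 0; }
static char *buf; static unsigned max_size, uncopied; /* cm_write()'s statics */

/* Returns bytes accepted, -22 (-EINVAL) for a bad request, or the constructed
 * sentinel -1 when a copy would land in freed memory. `fixed` selects the
 * hardened behaviour: clear the pointer right after freeing it. */
int cm_write_model(const char *data, size_t count, size_t *ppos,
                   unsigned table_length, int fixed) {
    if (*ppos == 0) {            /* first chunk: header gives the table length */
        uncopied = max_size = table_length;
        buf = model_kzalloc(max_size);
        if (!buf) return -12;    /* -ENOMEM */
    }
    if (buf == NULL) return -22; /* nothing allocated for this table */
    if (*ppos + count > max_size || uncopied < count) {
        model_kfree(buf);
        if (fixed) buf = NULL;   /* without this, buf dangles into the next call */
        return -22;
    }
    if (!live) return -1;        /* vulnerable path reached: buf was freed */
    memcpy(buf + *ppos, data, count);
    uncopied -= (unsigned)count;
    *ppos += count;
    if (uncopied == 0) { model_kfree(buf); buf = NULL; } /* table complete */
    return (int)count;
}

/* An oversized chunk takes the error path; a later write at a nonzero offset
 * then skips reallocation and reuses whatever `buf` still points to. */
int scenario(int fixed) {
    size_t pos = 0;
    buf = NULL; live = 0;
    cm_write_model("AAAA", 4, &pos, 2, fixed);
    pos = 1;
    return cm_write_model("B", 1, &pos, 2, fixed);
}
```

With `fixed` set, the second write is rejected by the `buf == NULL` check instead of reaching the freed block, which is the whole point of clearing the pointer together with the free.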

To resolve this vulnerability, the following changes have been made in the cm_write() function:

-      kfree(buf);
+      if (ret == -EINVAL)
+           buf = NULL;
...
}
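Review bot: dropping the kfree(buf) and only assigning `buf = NULL` when `ret == -EINVAL` leaves the allocation unreleased on that path, so the use-after-free becomes a memory leak rather than being fixed; the pointer should be cleared immediately after the free is performed (`kfree(buf); buf = NULL;`) so that a later call sees no buffer and rejects the write instead of reusing freed memory. `ret` is also not visible in this hunk and there is no `@@` header, so the change cannot be placed within cm_write(); include the lines that assign `ret` and the surrounding context.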

In this code snippet, we can see that the unconditional kfree(buf) statement has been removed from the end of the cm_write() function to prevent freeing the buffer in cases where the requested count is less than table.length. Additionally, the buffer pointer is now set to NULL in the -EINVAL error path to match the rest of the function.

Original References

For further information about this kernel vulnerability and its resolution, please consult the following links:

1. Linux Kernel Mailing List (LKML): ACPI: custom_method: fix potential use-after-free issue
2. National Vulnerability Database (NVD): CVE-2021-46966

Exploit Details

No exploit for this vulnerability has been demonstrated in the wild, and the code fix described here should prevent any potential use-after-free issue that could have arisen from the original implementation.

Conclusion

CVE-2021-46966 is a vulnerability in the Linux kernel that has been resolved with changes to the ACPI custom_method's cm_write() function. As a result, the risk of a use-after-free issue affecting the stability and security of Linux systems has been significantly mitigated. It is essential to keep your Linux kernel up-to-date with the latest patches to minimize the risk of any security vulnerabilities.

Timeline

Published on: 02/27/2024 19:04:07 UTC
Last modified on: 02/28/2024 14:06:45 UTC