kernel due to a double free issue in the kernel. Because of this issue, the system may hang or stop responding, or data may be corrupted. The kernel may halt during operation, and the user may not be able to recover to the previous state. This may lead to system instability or to bricking the device. A double free issue may be caused by improper use of kernel objects. For example, when a user creates a new object within the kernel and then releases it by calling delete on it, the kernel may end up with an unreleased object. This may cause a kernel panic. A double free issue may also occur due to invalid object usage; for example, the user may use a pointer to an object as if it were the object itself.

How to Hide/Remove the Double Free Issue?

The easiest way to hide/remove the double free issue is to disable the use of kernel objects.
To disable kernel object usage, run the following command:
echo 0 > /sys/kernel/mm/ksm/run

Other methods to hide/remove the double free issue are as follows:
- Disable all kernel objects by writing -1 to the /sys/kernel/mm/ksm/run parameter.
- Remove all anonymous page sharing by deleting all files from the /dev/.private_tmp directory.
- Use any method that removes all references to unreleased kernel objects.

Product Description

CVE-2022-25660 is a vulnerability that gives attackers the ability to control a system without the owner's permission. The underlying double free issue and its causes are described above: improper use of kernel objects (an object created within the kernel and released with delete, leaving the kernel with an unreleased object and a possible kernel panic) or invalid object usage (a pointer to an object used as if it were the object itself).

Solution

Users can take the following steps to resolve this issue:
1. Avoid creating new objects within the kernel and use an existing object instead
2. Avoid using pointers as if they were objects themselves
3. Use only safe pointer operations (e.g., *p = p + 1)


Vulnerability Scenario

The system allows the user to create a new object within the kernel. The user creates a new object and releases it by calling delete on it, without freeing up the memory. This may cause a kernel panic.

The system uses an invalid pointer and causes a double free issue when it calls delete on the created object and then calls delete again on the same object.
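The scenario above, a second release of an object that has already been released, can be modelled in userspace to show the defensive pattern that prevents it. This is an added example, not code from the advisory or from the affected kernel; the names kobj, kobj_new and kobj_put_safe are hypothetical, and the reference count stands in for whatever ownership rule the real kernel object uses.

```c
/* Added example (not from the advisory): a userspace model of the
 * double-release scenario, with a guard that turns the second release into a
 * reported error instead of a second free() of the same block.
 * kobj, kobj_new and kobj_put_safe are hypothetical names. */
#include <stdlib.h>

struct kobj {
    int id;
    int refs;   /* reference count; the object is freed when it reaches 0 */
};

struct kobj *kobj_new(int id)
{
    struct kobj *o = malloc(sizeof(*o));
    if (o) {
        o->id = id;
        o->refs = 1;    /* the creator holds the only reference */
    }
    return o;
}

/* Safe release: takes the address of the caller's pointer, drops one
 * reference, frees the object when no references remain, and clears the
 * caller's pointer so a repeated release cannot reach freed memory.
 * Returns 0 on success, -1 if the pointer was already released (NULL). */
int kobj_put_safe(struct kobj **op)
{
    struct kobj *o = *op;
    if (!o)
        return -1;          /* already released: nothing to free */
    if (--o->refs == 0)
        free(o);
    *op = NULL;             /* stale pointer can no longer be reused */
    return 0;
}

/* Drive the page's scenario: create, release, release again.
 * Returns 1 if the second release was caught rather than freeing twice. */
int double_release_is_caught(void)
{
    struct kobj *o = kobj_new(42);
    if (!o)
        return 0;
    int first = kobj_put_safe(&o);
    int second = kobj_put_safe(&o);
    return first == 0 && second == -1 && o == NULL;
}
```

The unsafe variant, which would take `struct kobj *` by value and call free() without clearing the caller's copy, is exactly what lets a second delete reach the same block.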

Timeline

Published on: 10/19/2022 11:15:00 UTC
Last modified on: 10/21/2022 20:16:00 UTC

References