CVE-2023-52473: Fixing NULL Pointer Dereference in Linux Kernel's Thermal Zone Registration Error Path

In the Linux kernel, a critical vulnerability has been identified and resolved. The vulnerability existed in the thermal management subsystem, specifically within the thermal_zone_device_register_with_trips() function. This function is responsible for registering the thermal zone devices, which are crucial for monitoring and controlling the temperature of a computer system. The issue caused a NULL pointer dereference, leading to potential crashes and system instability.

The bug was introduced by two previous commits: adc8749b150c and 464962d9404. The former added a NULL assignment, which was meant to prevent a double-free vulnerability but ended up causing a NULL pointer dereference. The latter made the previous assignment redundant, making it unnecessary to keep. To fix the issue, the offending assignment has been removed from the code.

Here's the code snippet that demonstrates the problem

if (device_register(&tz->device)) {
   put_device(&tz->device);
   tz = NULL;
}
...
kfree(tz->tzp);

As can be seen, the tz variable is set to NULL if the device_register() function returns an error. However, this causes the kfree(tz->tzp) line to dereference a NULL pointer, resulting in a crash.

The solution is to simply remove the tz = NULL; line from the code, which has been addressed in an official patch. You can find more information on this patch and its commit message here: Linux Kernel Patch

With the removal of the redundant assignment, the vulnerability has been mitigated. However, users are advised to apply the latest patches and updates to their Linux kernel installations to protect themselves from this and other potential security flaws.

In conclusion, the discovery and remediation of this vulnerability highlight the importance of continuous code review and the commitment of the Linux community to maintain the safety and stability of the kernel. Users should stay vigilant and ensure their systems are up-to-date to minimize the risk of being affected by security issues such as CVE-2023-52473.

Timeline

Published on: 02/26/2024 16:27:48 UTC
Last modified on: 04/17/2024 18:30:15 UTC