The Linux kernel has recently resolved a vulnerability (CVE-2024-26894) that caused a memory leak in the ACPI processor idle subsystem. This issue was found in the acpi_processor_power_exit() function, and the fix provided ensures that the memory associated with a CPU idle device is properly freed after it has been unregistered. In this post, we will discuss the details of this vulnerability, analyze the provided code snippet, and provide links to the original references for further reading.

Details

The memory leak was caused by the CPU idle device, allocated in acpi_processor_power_init(), not being freed after it was unregistered. Every leaked device costs a 1024-byte allocation, as shown in the kmemleak report below:

    unreferenced object 0xffff896282f6c000 (size 1024):
      comm "swapper/0", pid 1, jiffies 4294893170
      hex dump (first 32 bytes):
        00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00  ................
        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
      backtrace (crc 8836a742):
        [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340
        [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0
        [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0
        [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50
        [<ffffffff99805872>] really_probe+0xe2/0x480
        [<ffffffff99805c98>] __driver_probe_device+0x78/0x160
        [<ffffffff99805daf>] driver_probe_device+0x1f/0x90
        [<ffffffff9980601e>] __driver_attach+0xce/0x1c0
        [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0
        [<ffffffff99804822>] bus_add_driver+0x112/0x210
        [<ffffffff99807245>] driver_register+0x55/0x100
        [<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0
        [<ffffffff990012d1>] do_one_initcall+0x41/0x300
        [<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470
        [<ffffffff99b231f6>] kernel_init+0x16/0x1b0
        [<ffffffff99042e6d>] ret_from_fork+0x2d/0x50
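As an added example that is not part of the original post, the following Python script parses kmemleak output in the format shown above, picks the allocation site out of each backtrace by skipping the allocator's own frames, and totals leaked bytes per site, which is how a leak like this one stands out when it repeats once per processor. The embedded report is a constructed, abbreviated copy of the one above, and the list of allocator frame prefixes is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
# Constructed sample: an abbreviated copy of the kmemleak report quoted in this post.
SAMPLE_REPORT = """\
unreferenced object 0xffff896282f6c000 (size 1024):
  comm "swapper/0", pid 1, jiffies 4294893170
  backtrace (crc 8836a742):
    [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340
    [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0
    [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0
    [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50
"""
# Assumed set of frames that belong to the allocator itself; the first frame after them is the leak site.
ALLOCATOR_PREFIXES = ("kmalloc", "__kmalloc", "kzalloc", "kmem_cache_alloc", "kvmalloc", "vmalloc")
HEADER = re.compile(r"^unreferenced object (0x[0-9a-f]+) \(size (\d+)\):")
COMM = re.compile(r'^\s+comm "([^"]*)", pid (\d+)')
FRAME = re.compile(r"^\s+\[<[0-9a-f]+>\] (\S+?)\+0x[0-9a-f]+/0x[0-9a-f]+")

@dataclass
class Leak:
    address: int
    size: int
    comm: str = ""
    pid: int = 0
    frames: List[str] = field(default_factory=list)

    def site(self) -> Optional[str]:
        """First backtrace frame that is not part of the allocator, e.g. the driver's init path."""
        return next((f for f in self.frames if not f.startswith(ALLOCATOR_PREFIXES)), None)

def parse_kmemleak(text: str) -> List[Leak]:
    """Split /sys/kernel/debug/kmemleak output into one Leak per 'unreferenced object' block."""
    leaks: List[Leak] = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            leaks.append(Leak(int(m.group(1), 16), int(m.group(2))))
        elif leaks and (m := COMM.match(line)):
            leaks[-1].comm, leaks[-1].pid = m.group(1), int(m.group(2))
        elif leaks and (m := FRAME.match(line)):
            leaks[-1].frames.append(m.group(1))
    return leaks

def bytes_by_site(leaks: List[Leak]) -> Dict[str, int]:
    """Total leaked bytes per allocation site; a leak repeated once per CPU adds up here."""
    totals: Dict[str, int] = {}
    for leak in leaks:
        key = leak.site() or "<unknown>"
        totals[key] = totals.get(key, 0) + leak.size
    return totals
```

Feed it the full content of /sys/kernel/debug/kmemleak (after `echo scan` into that file) to get one total per allocation site across all reported objects.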

To resolve this issue, the fix frees the CPU idle device right after it has been unregistered. In acpi_processor_power_exit(), the device is unregistered with cpuidle_unregister_device(); the fix adds the missing kfree() immediately after that call:

    if (pr->flags.power) {
            cpuidle_unregister_device(dev);
            kfree(dev);                       /* added by the fix */
            if (acpi_processor_registered == 0)
                    cpuidle_unregister_driver(&acpi_idle_driver);
    }

As seen above, the fix simply adds a kfree(dev) call after cpuidle_unregister_device(dev), which releases the memory that acpi_processor_power_init() allocated for the CPU idle device.

References

For further information about this vulnerability and the subsequent fix, you can review the original references:

1. Linux Kernel Mailing List (LKML) Commit - Details the specific commit in which the vulnerability was resolved.
2. Commit Message - Provides additional background information about the issue and the steps taken to resolve it.

Exploit Details

At the time of writing, there are no known exploits targeting this specific vulnerability. However, it is essential to apply the fix to ensure that your Linux system is protected against potential attacks or issues that may arise from this memory leak.

Conclusion

In conclusion, the Linux kernel has resolved a significant memory leak vulnerability in the ACPI processor idle subsystem. This fix ensures that memory resources are appropriately managed, mitigating the risks associated with this issue. It is highly advised to apply the necessary patches and updates to your Linux system to stay protected.

Timeline

Published on: 04/17/2024 11:15:10 UTC
Last modified on: 06/27/2024 12:15:22 UTC