In the Linux kernel, an important vulnerability has been resolved that involves the allocation and release of resources in the Xenbus subsystem. The fix addresses an issue in the function xenbus_dev_probe() where resources were not released on an error path, resulting in a resource leak. The patch corrects the issue and ensures that all allocated resources are properly managed and released.

Here's how the patch modifies the xenbus_dev_probe() function:

...
// xenbus_dev_probe()

// After line 313: the error check that previously returned straight to the caller
if (err) {
    // Original code: return err;
    // Fixed code: unwind what the driver's probe() set up before returning
    goto fail_remove;
}

...

// New fail_remove label, placed just before the existing fail_put label
fail_remove:
    drv->remove(dev);     // release what the driver's probe() allocated
fail_put:
    module_put(drv->owner);
...

By adding the fail_remove label and jumping to it with a goto statement when an error occurs, the patch ensures the proper release of resources allocated by the driver's probe() callback that xenbus_dev_probe() had already invoked.

Exploit Details

The bug was discovered using an experimental static analysis tool developed by the research team, which specializes in analyzing reference count operations and detecting potential issues where resources are not managed properly. In this case, the tool flagged the missing release operation in xenbus_dev_probe() as a potential problem, and the team subsequently developed the patch.

The vulnerability arises when xenbus_dev_probe() returns an error directly without releasing the resources allocated by the driver's probe() callback. Because the return value is non-zero, the upper layers treat the probe as failed and will never call the driver's remove(). The resources were therefore allocated without a matching remove operation, and skipping that remove leaks them. The patch fixes this by following the resource release logic of the xenbus_dev_remove() function on the error path.
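The following is an added, user-space model of the error path described in the two passages above (the goto fail_remove change and the leak it prevents). It is not the kernel's code: struct device, struct driver, module_refcount, watch_otherend(), probe_buggy() and probe_fixed() are constructed stand-ins for the kernel's xenbus device, driver callbacks, module_get()/module_put() and xenbus_dev_probe() before and after the patch. Running a probe that is made to fail late shows that the unpatched shape leaves the driver's resources and a module reference behind, while the patched shape unwinds both.

```c
/* Added example: a model of the xenbus_dev_probe() error path, not kernel code.
 * All names below are hypothetical stand-ins for the kernel objects. */
#include <stdio.h>
#include <stdbool.h>

/* Constructed stand-in for the module reference count (module_get/module_put). */
static int module_refcount;

/* Constructed stand-in for a xenbus device; watch_ok decides whether the
 * late watch_otherend() step succeeds or fails. */
struct device {
    bool resources_held;   /* set by the driver's probe(), cleared by remove() */
    bool watch_ok;
};

struct driver {
    int  (*probe)(struct device *);
    void (*remove)(struct device *);
};

static int  drv_probe(struct device *dev)  { dev->resources_held = true;  return 0; }
static void drv_remove(struct device *dev) { dev->resources_held = false; }

/* Stand-in for watch_otherend(): returns -1 when constructed to fail. */
static int watch_otherend(struct device *dev) { return dev->watch_ok ? 0 : -1; }

/* Shape of the function before the fix: a late error returns directly,
 * so neither drv->remove() nor module_put() runs. */
static int probe_buggy(struct driver *drv, struct device *dev)
{
    int err;

    module_refcount++;                 /* try_module_get() */
    err = drv->probe(dev);
    if (err)
        goto fail_put;
    err = watch_otherend(dev);
    if (err)
        return err;                    /* leak: resources and module ref kept */
    return 0;
fail_put:
    module_refcount--;                 /* module_put() */
    return err;
}

/* Shape after the fix: the late error jumps to fail_remove, which mirrors
 * what xenbus_dev_remove() would have done, then falls through to fail_put. */
static int probe_fixed(struct driver *drv, struct device *dev)
{
    int err;

    module_refcount++;                 /* try_module_get() */
    err = drv->probe(dev);
    if (err)
        goto fail_put;
    err = watch_otherend(dev);
    if (err)
        goto fail_remove;
    return 0;
fail_remove:
    if (drv->remove)
        drv->remove(dev);              /* release what probe() allocated */
fail_put:
    module_refcount--;                 /* module_put() */
    return err;
}

/* Runs a probe constructed to fail in watch_otherend() and counts what is
 * left behind: 1 for still-held device resources plus any unreturned
 * module references. A correct error path yields 0. */
static int leaks_after_failed_probe(int (*probe)(struct driver *, struct device *))
{
    struct driver drv = { drv_probe, drv_remove };
    struct device dev = { .resources_held = false, .watch_ok = false };

    module_refcount = 0;
    if (probe(&drv, &dev) == 0)
        return -1;                     /* unexpected: this run was built to fail */
    return (dev.resources_held ? 1 : 0) + module_refcount;
}

/* The success path must be unchanged by the fix: probe returns 0, the
 * device keeps its resources and the module reference stays held. */
static bool probe_succeeds(int (*probe)(struct driver *, struct device *))
{
    struct driver drv = { drv_probe, drv_remove };
    struct device dev = { .resources_held = false, .watch_ok = true };

    module_refcount = 0;
    return probe(&drv, &dev) == 0 && dev.resources_held && module_refcount == 1;
}

int main(void)
{
    printf("leaks after failed probe, before fix: %d\n", leaks_after_failed_probe(probe_buggy));
    printf("leaks after failed probe, after fix:  %d\n", leaks_after_failed_probe(probe_fixed));
    printf("success path intact after fix: %s\n", probe_succeeds(probe_fixed) ? "yes" : "no");
    return 0;
}
```

The model keeps the kernel's label ordering on purpose: fail_remove sits directly above fail_put, so the new error path releases the driver's resources first and then drops the module reference, exactly the order the real xenbus_dev_remove() teardown follows.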

With the release of this patch, developers using the Linux kernel in connection with Xen should be better protected from potential resource management issues resulting from the previously existing vulnerability. This fix aims to minimize the likelihood of reference count leaks and improve the overall stability and performance of Xen-based systems.

Timeline

Published on: 12/27/2024 14:15:27 UTC
Last modified on: 01/20/2025 06:21:04 UTC