Introduction: In the Linux kernel, a vulnerability has been identified and resolved in the i3c master subsystem. The issue is a missing free of init_dyn_addr in i3c_master_put_i3c_addrs(). This vulnerability allows an attacker to potentially exploit the Linux kernel and carry out malicious activities. In this post, we discuss the vulnerability, its impact, and the fix that was implemented to resolve it.
Vulnerability Details: The vulnerability exists in the following section of the Linux kernel i3c master code:
    /* the check is on "init_dyn_addr" ... */
    if (dev->boardinfo && dev->boardinfo->init_dyn_addr)
            /* ... but the address that gets freed is "dyn_addr" */
            i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...)
In this code snippet, "init_dyn_addr" is checked to determine whether an address is set in the i3c device's boardinfo structure. However, when this condition holds, the subsequent call to i3c_bus_set_addr_slot_status() frees the bus address slot for "dyn_addr" instead of the slot for "init_dyn_addr", so the "init_dyn_addr" slot is never freed. This results in a potential vulnerability that could be exploited by an attacker.
Impact: An attacker who successfully exploits this vulnerability may be able to corrupt memory or execute arbitrary code with kernel-level privileges. This could lead to various malicious activities such as unauthorized data access, privilege escalation, or even denial of service attacks.
Resolution: To fix this issue, a patch was proposed and implemented that corrects the copy/paste error and replaces "dyn_addr" with "init_dyn_addr". Here is the updated code snippet with the fix in place:
    /* the check is on "init_dyn_addr" ... */
    if (dev->boardinfo && dev->boardinfo->init_dyn_addr)
            /* ... and the address that gets freed is now "init_dyn_addr" as well */
            i3c_bus_set_addr_slot_status(&master->bus, dev->boardinfo->init_dyn_addr, ...)
With this fix, the address slot that is freed is the one that was checked, "init_dyn_addr", and the vulnerability is mitigated.
Conclusion: It's crucial to keep your Linux kernel up-to-date and apply patches as soon as they become available to mitigate any security vulnerabilities. By applying the fix detailed in this post, you can ensure your system is protected from potential exploits arising from the CVE-2024-56562 vulnerability in the Linux kernel i3c master subsystem.
Timeline
Published on: 12/27/2024 15:15:15 UTC
Last modified on: 01/20/2025 06:23:07 UTC