CVE-2024-56576 - Fix for Linux kernel crash in the media: i2c: tc358743 probe error path when using polling

In the Linux kernel, a vulnerability with the identifier CVE-2024-56576 has been addressed. The issue is related to the media: i2c: tc358743 driver and its impact on the system's stability when an error occurs in the probe() function. Specifically, the crash happens in the probe error path when using the polling timer. The fix involves proper removal of the alarmed timer to ensure that it does not call arguments that have already been freed, which would result in the system crashing.

Here's a snippet of the code that demonstrates the error

------------[ cut here ]------------
WARNING: CPU: 3 PID:  at kernel/time/timer.c:183 __run_timers+x244/x268
Modules linked in:
CPU: 3 UID:  PID:  Comm: swapper/3 Not tainted 6.11. #226
(...)
Call trace:
 __run_timers+x244/x268
 timer_expire_remote+x50/x68
 tmigr_handle_remote+x388/x39c
 run_timer_softirq+x38/x44
 handle_softirqs+x138/x298
 __do_softirq+x14/x20
 ____do_softirq+x10/x1c
 call_on_irq_stack+x24/x4c
 do_softirq_own_stack+x1c/x2c
 irq_exit_rcu+x9c/xcc
 el1_interrupt+x48/xc
 el1h_64_irq_handler+x18/x24
 el1h_64_irq+x7c/x80
 default_idle_call+x34/x68
 do_idle+x23c/x294
 cpu_startup_entry+x38/x3c
 secondary_start_kernel+x128/x160
 __secondary_switched+xb8/xbc
---[ end trace 000000000000000 ]---

The error occurs due to the improper handling of the timer, which leads to a crash. When the probe() function encounters an error, it should remove the polling timer alarmed earlier. Failing to do so will cause the timer to call already freed arguments and subsequently result in a crash.

References to the original issue and its resolution can be found in the links below

- Media: i2c: tc358743 bug report
- Probe error crash resolution discussion
- Linux kernel commit for the fix

To fix the exploit and avoid crashes, users are advised to update their Linux kernel to the latest version that includes the patch for CVE-2024-56576. The patch ensures the proper handling of timers in the tc358743 driver and prevents potential crashes that may occur during the error handling process. Stay vigilant and keep your system up-to-date to minimize vulnerabilities and ensure optimal performance.

Timeline

Published on: 12/27/2024 15:15:16 UTC
Last modified on: 01/20/2025 06:23:24 UTC