A vulnerability in the Linux kernel's "crypto: caam" module was recently identified and resolved. This module provides cryptographic acceleration and offload services for various cryptographic algorithms. The details are discussed below, along with the original references, the relevant code snippet, and an exploit overview.

Vulnerability Details

The vulnerability exists in the Linux kernel's "crypto: caam" module, specifically within the caam_qi_shutdown() function. This function gets called when the system is shut down or reset to free up the resources utilized by this module. While releasing the resources, the devm_add_action_or_reset() function is called, and it receives an incorrect pointer type.

The following code snippet shows the issue in the caam_qi_shutdown() function:

static int caam_qi_shutdown(struct device *dev, void *_unused)
{
    struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);
    struct device *qi_dev = ctrlpriv->qi_dev;

    caam_jr_shutdown(qi_dev);   // <-- Issue here

    return 0;
}

The function caam_jr_shutdown() is being called with a "struct device*" pointer passed as its argument. However, it expects a "struct caam_drv_private*" pointer. The incorrect pointer type causes unpredictable behavior and resource release failures.

Resolution

The resolution of this vulnerability involves correcting the parameter being passed to the devm_add_action_or_reset() function as shown in the following code snippet:

/* Corrected version of caam_qi_shutdown() */
static int caam_qi_shutdown(struct device *dev, void *_unused)
{
    struct caam_drv_private *ctrlpriv = dev_get_drvdata(dev);

    caam_jr_shutdown(ctrlpriv);  // Pass the correct pointer type

    return 0;
}

By passing the correct pointer type to devm_add_action_or_reset(), the resources used by the module are released as expected, resolving the vulnerability.
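The class of bug described above, as an added example that is not code from the kernel or from the original page: devm_add_action_or_reset() hands its callback an untyped void * argument, so the compiler cannot catch a registration that passes a pointer to the wrong structure. This userspace model shows the mismatch and a tag check that detects it; every model_* name and both tag values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_DEVICE  0x44455643u  /* constructed type tags, not kernel values */
#define TAG_DRVPRIV 0x50524956u

struct model_device  { uint32_t tag; const char *name; };
struct model_drvpriv { uint32_t tag; int queues_open; };

typedef int (*release_fn)(void *data);
struct model_action { release_fn fn; void *data; };

/* Registration: `data` is untyped, so the compiler accepts any pointer. */
static struct model_action model_add_action(release_fn fn, void *data)
{
    struct model_action a = { fn, data };
    return a;
}

/* Release callback: expects a struct model_drvpriv *. Returns 0 when the
 * resources were released, -1 when the wrong object type was registered. */
static int model_shutdown(void *data)
{
    /* A pointer to a struct also points at its first member, so the tag
     * can be read before committing to a cast. */
    if (*(const uint32_t *)data != TAG_DRVPRIV)
        return -1;
    struct model_drvpriv *priv = data;
    priv->queues_open = 0;      /* the actual release work */
    return 0;
}

/* Runs the registered action, as the teardown path would. */
static int model_run(struct model_action a) { return a.fn(a.data); }

int main(void)
{
    struct model_device dev = { TAG_DEVICE, "qi" };
    struct model_drvpriv priv = { TAG_DRVPRIV, 4 };

    int bad = model_run(model_add_action(model_shutdown, &dev));
    printf("mismatched registration: %d, queues_open=%d\n", bad, priv.queues_open);
    int good = model_run(model_add_action(model_shutdown, &priv));
    printf("matching registration:   %d, queues_open=%d\n", good, priv.queues_open);
    return 0;
}
```

Without the tag check, the mismatched registration would write through a pointer of the wrong type and leave the real resources unreleased, which is the outcome the fix prevents.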

Exploit Overview

The impact and exploitability of this vulnerability are generally considered low. An attacker would need local access and the ability to trigger a system restart or shutdown to exploit this vulnerability. The primary risk associated with this vulnerability is the possibility of kernel memory leaks, which may lead to system instability in the long term. However, remote exploitation of this vulnerability is unlikely.

Original References

1. Linux Kernel Source Code
2. CVE-2024-56754 Vulnerability Report

Conclusion

In summary, the vulnerability (CVE-2024-56754) within the Linux kernel's "crypto: caam" module has been successfully resolved. The issue involved passing an incorrect pointer type to the devm_add_action_or_reset() function in the caam_qi_shutdown() function. By correcting the pointer type, the resources used by the module are released as expected, fixing the vulnerability.

Timeline

Published on: 12/29/2024 12:15:08 UTC
Last modified on: 01/06/2025 20:28:24 UTC