CVE-2024-27061

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the fixed version

Description The vulnerability is related to a use-after-free issue in the sun8i ce cipher unprepare function. This function should be called before crypto finalize skcipher request because client callbacks may immediately free memory that is no longer needed. However, this memory is still used by sun8i ce cipher unprepare after it has been freed, resulting in a pointer dereference problem during a crypto self-test. The issue is detected by KASAN and can cause a kernel NULL pointer dereference.

Recommendations To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider disabling the sun8i ce cipher unprepare function until a patch is available. However, this may have unintended consequences and should be done with caution.

Note: The provided input does not specify the exact fixed version of the Linux kernel. Therefore, the recommendation is to update to the latest version available.