PT-2024-3418 · Linux+4 · Linux Kernel+4
Alexander Sverdlin
·
Published
2024-03-12
·
Updated
2026-05-26
·
CVE-2024-26866
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
The issue is related to a potential use-after-free in the
fsl lpspi probe() function in the Linux kernel's SPI driver. This function allocates and disposes of memory manually using spi alloc host() and spi alloc target(), but also uses devm spi register controller(). In case of an error after the latter call, the memory is explicitly freed in the probe function by spi controller put(), but is used afterwards by "devm" management outside the probe function. This can lead to a kernel NULL pointer dereference. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.Technical details about exploitation include:
- The
fsl lpspi probe()function is vulnerable. - The
spi alloc host()andspi alloc target()functions are used for memory allocation. - The
devm spi register controller()function is used for controller registration. - The
spi controller put()function is used for memory deallocation. - The
spi unregister controller()function is called afterwards, which can lead to a use-after-free condition.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu