PT-2024-35640 · Linux+2 · Linux Kernel+2
Published: 2024-11-18 · Updated: 2025-02-28 · CVE-2024-53193
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
A memory corruption bug has been resolved in the Linux kernel, specifically in `struct loongson2_clk_provider` within the clk-loongson2 module. The issue arises from the allocation of heap space for the flexible structure `struct clk_hw_onecell_data` and its flexible-array member `hws` through the composite structure `struct loongson2_clk_provider` in the `loongson2_clk_probe()` function. This allocation corrupts the `clk_lock` spinlock variable, which is used to protect access to DIV registers. The problem is caused by the flexible structure being placed in the middle of `struct loongson2_clk_provider` instead of at the end. The fix involves moving `struct clk_hw_onecell_data clk_data;` to the end of `struct loongson2_clk_provider` and adding a code comment to prevent similar issues in the future.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for the memory corruption bug in `struct loongson2_clk_provider`. As a temporary workaround, consider disabling the `loongson2_clk_probe()` function until a patch is available. Restrict access to the clk-loongson2 module to minimize the risk of exploitation. Avoid using the `hws` member of `struct clk_hw_onecell_data` in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Memory Corruption
Buffer Overflow
Affected Products
Linuxmint
Linux Kernel
Ubuntu
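The layout problem from the Description, as an added example that is not the kernel's code: a user-space C model (struct and member names other than `clk_data`, `hws` and `clk_lock` are assumptions) that computes where `hws[i]` lands when the flexible structure sits in the middle of the provider versus at the end. It relies on the GNU C extension that permits nesting a flexible structure mid-struct and performs no out-of-bounds write.

```c
#include <stddef.h>
#include <stdio.h>

/* User-space stand-ins for the kernel types named in the Description.
 * Members other than clk_data, hws and clk_lock are assumptions. */
struct onecell_data {              /* models struct clk_hw_onecell_data */
    unsigned int num;
    void *hws[];                   /* flexible-array member */
};
struct provider_bad {              /* flexible structure in the middle */
    void *base;
    struct onecell_data clk_data;
    long clk_lock;                 /* stands in for the spinlock */
};
struct provider_fixed {            /* flexible structure moved to the end */
    void *base;
    long clk_lock;
    struct onecell_data clk_data;  /* must stay last: ends in hws[] */
};

#define HWS_OFF(type, i) (offsetof(type, clk_data) + \
    offsetof(struct onecell_data, hws) + (i) * sizeof(void *))

/* Byte offset of clk_data.hws[i] from the start of each layout. */
size_t slot_off_bad(size_t i)   { return HWS_OFF(struct provider_bad, i); }
size_t slot_off_fixed(size_t i) { return HWS_OFF(struct provider_fixed, i); }

/* 1 if a slot at byte offset `slot` overlaps a lock at byte offset `lock`. */
static int overlaps(size_t slot, size_t lock)
{
    return slot < lock + sizeof(long) && slot + sizeof(void *) > lock;
}
int slot_hits_lock_bad(size_t i)
{
    return overlaps(slot_off_bad(i), offsetof(struct provider_bad, clk_lock));
}
int slot_hits_lock_fixed(size_t i)
{
    return overlaps(slot_off_fixed(i), offsetof(struct provider_fixed, clk_lock));
}

int main(void)
{
    for (size_t i = 0; i < 3; i++)
        printf("hws[%zu]: middle hits clk_lock=%d, end hits clk_lock=%d\n",
               i, slot_hits_lock_bad(i), slot_hits_lock_fixed(i));
    return 0;
}
```

In the middle layout `hws[0]` starts at the same offset as `clk_lock`, so the first store into the array lands on the lock; in the end layout every slot lies past the last fixed member.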