PT-2024-37019 · Linux+6 · Linux Kernel+6

Orange Kao · Published 2024-11-04 · Updated 2025-10-03 · CVE-2024-56708

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A segmentation fault issue has been resolved in the Linux kernel, specifically in the EDAC/igen6 module. The fault occurs during module unload due to a double free error. This happens because mci->pvt_info is not set to NULL, causing kfree(mci->pvt_info) to be called twice. The issue arises from the allocation of igen6_pvt with kzalloc() in igen6_probe() and the assignment of mci->pvt_info to point to &igen6_pvt->imc[mc] in igen6_register_mci(). During module removal, kfree(mci->pvt_info) is called in mci_release(), followed by kfree(igen6_pvt) in igen6_remove().

Recommendations

To fix this issue, set mci->pvt_info to NULL to avoid the double free error. This can be achieved by modifying the igen6_register_mci() function to set mci->pvt_info to NULL before calling kfree(mci->pvt_info). As a temporary workaround, consider disabling the igen6_probe() function until a patch is available. Restrict access to the edac_mc.c module to minimize the risk of exploitation. Avoid using the mci->pvt_info variable in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
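
The ownership mistake described above, as a user-space C model added here (not kernel code and not the upstream patch): `model_kfree()`, `unload_bad_frees()`, the struct layouts and `NUM_IMC` are hypothetical stand-ins, and two memory controllers are assumed. It counts the frees the unload path issues for memory it does not own, with and without clearing `pvt_info` first.

```c
#include <stdio.h>
#include <stdlib.h>

#define NUM_IMC 2                          /* assumption: two memory controllers */

struct imc { int mc; };
struct pvt { struct imc imc[NUM_IMC]; };   /* stands in for igen6_pvt */
struct mci { void *pvt_info; };            /* stands in for the mci object */

/* Bookkeeping for one allocation: its base, whether it was freed, bad frees. */
struct alloc { void *base; int freed; int bad; };

/* Model of kfree(): NULL is a no-op; an interior pointer or a second free
 * of the same base is recorded as a bad free instead of corrupting the heap. */
static void model_kfree(struct alloc *a, void *p)
{
    if (!p)
        return;
    if (p != a->base || a->freed) {
        a->bad++;
        return;
    }
    a->freed = 1;
}

/* Runs probe -> register -> unload; clear_pvt_info selects the fixed path. */
int unload_bad_frees(int clear_pvt_info)
{
    struct pvt *pvt = calloc(1, sizeof(*pvt));      /* probe: kzalloc() */
    struct alloc a = { pvt, 0, 0 };
    struct mci mcis[NUM_IMC];
    int mc;

    if (!pvt)
        return -1;
    for (mc = 0; mc < NUM_IMC; mc++)
        mcis[mc].pvt_info = &pvt->imc[mc];          /* alias into pvt, not owned */
    for (mc = 0; mc < NUM_IMC; mc++) {
        if (clear_pvt_info)
            mcis[mc].pvt_info = NULL;               /* the fix: drop the alias */
        model_kfree(&a, mcis[mc].pvt_info);         /* what mci_release() does */
    }
    model_kfree(&a, pvt);                           /* remove: kfree(igen6_pvt) */
    free(pvt);                                      /* real free, exactly once */
    return a.bad;
}

int main(void)
{
    printf("bad frees, pvt_info left set: %d\n", unload_bad_frees(0));
    printf("bad frees, pvt_info cleared:  %d\n", unload_bad_frees(1));
    return 0;
}
```

With the alias left in place, the first controller's release frees the parent allocation by address, the second passes an interior pointer, and the final free of the parent is the double free.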

Exploit

Double Free


Weakness Enumeration

Related Identifiers

ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALT-PU-2024-17893
ALT-PU-2025-12647
BDU:2025-04993
CVE-2024-56708
DLA-4076-1
OESA-2025-1032
OESA-2025-1036
OPENSUSE-SU-2025_0428-1
OPENSUSE-SU-2025_0499-1
OPENSUSE-SU-2025_0557-1
SUSE-SU-2025:0289-1
SUSE-SU-2025:0428-1
SUSE-SU-2025:0499-1
SUSE-SU-2025:0557-1
SUSE-SU-2025:20165-1
SUSE-SU-2025:20166-1
SUSE-SU-2025:20248-1
SUSE-SU-2025:20249-1
SUSE-SU-2025_0428-1
SUSE-SU-2025_0499-1
SUSE-SU-2025_0557-1
USN-7276-1
USN-7277-1
USN-7310-1
USN-7387-1
USN-7387-2
USN-7387-3
USN-7388-1
USN-7389-1
USN-7390-1
USN-7407-1
USN-7421-1
USN-7449-1
USN-7449-2
USN-7450-1
USN-7451-1
USN-7452-1
USN-7453-1
USN-7458-1
USN-7459-1
USN-7459-2
USN-7468-1
USN-7523-1
USN-7524-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu