CVE - CVE-2024-53068

CVE-ID
CVE-2024-53068	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() The scmi_dev->name is released prematurely in __scmi_device_destroy(), which causes slab-use-after-free when accessing scmi_dev->name in scmi_bus_notifier(). So move the release of scmi_dev->name to scmi_device_release() to avoid slab-use-after-free. \| BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec \| Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1 \| \| CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1 \| Hardware name: Qualcomm Technologies, Inc. SA8775P Ride (DT) \| Call trace: \| dump_backtrace+0x94/0x114 \| show_stack+0x18/0x24 \| dump_stack_lvl+0x48/0x60 \| print_report+0xf4/0x5b0 \| kasan_report+0xa4/0xec \| __asan_report_load1_noabort+0x20/0x2c \| strncmp+0xe4/0xec \| scmi_bus_notifier+0x5c/0x54c \| notifier_call_chain+0xb4/0x31c \| blocking_notifier_call_chain+0x68/0x9c \| bus_notify+0x54/0x78 \| device_del+0x1bc/0x840 \| device_unregister+0x20/0xb4 \| __scmi_device_destroy+0xac/0x280 \| scmi_device_destroy+0x94/0xd0 \| scmi_chan_setup+0x524/0x750 \| scmi_probe+0x7fc/0x1508 \| platform_probe+0xc4/0x19c \| really_probe+0x32c/0x99c \| __driver_probe_device+0x15c/0x3c4 \| driver_probe_device+0x5c/0x170 \| __driver_attach+0x1c8/0x440 \| bus_for_each_dev+0xf4/0x178 \| driver_attach+0x3c/0x58 \| bus_add_driver+0x234/0x4d4 \| driver_register+0xf4/0x3c0 \| __platform_driver_register+0x60/0x88 \| scmi_driver_init+0xb0/0x104 \| do_one_initcall+0xb4/0x664 \| kernel_init_freeable+0x3c8/0x894 \| kernel_init+0x24/0x1e8 \| ret_from_fork+0x10/0x20 \| \| Allocated by task 1: \| kasan_save_stack+0x2c/0x54 \| kasan_set_track+0x2c/0x40 \| kasan_save_alloc_info+0x24/0x34 \| __kasan_kmalloc+0xa0/0xb8 \| __kmalloc_node_track_caller+0x6c/0x104 \| kstrdup+0x48/0x84 \| kstrdup_const+0x34/0x40 \| __scmi_device_create.part.0+0x8c/0x408 \| scmi_device_create+0x104/0x370 \| scmi_chan_setup+0x2a0/0x750 \| scmi_probe+0x7fc/0x1508 \| platform_probe+0xc4/0x19c \| really_probe+0x32c/0x99c \| __driver_probe_device+0x15c/0x3c4 \| driver_probe_device+0x5c/0x170 \| __driver_attach+0x1c8/0x440 \| bus_for_each_dev+0xf4/0x178 \| driver_attach+0x3c/0x58 \| bus_add_driver+0x234/0x4d4 \| driver_register+0xf4/0x3c0 \| __platform_driver_register+0x60/0x88 \| scmi_driver_init+0xb0/0x104 \| do_one_initcall+0xb4/0x664 \| kernel_init_freeable+0x3c8/0x894 \| kernel_init+0x24/0x1e8 \| ret_from_fork+0x10/0x20 \| \| Freed by task 1: \| kasan_save_stack+0x2c/0x54 \| kasan_set_track+0x2c/0x40 \| kasan_save_free_info+0x38/0x5c \| __kasan_slab_free+0xe8/0x164 \| __kmem_cache_free+0x11c/0x230 \| kfree+0x70/0x130 \| kfree_const+0x20/0x40 \| __scmi_device_destroy+0x70/0x280 \| scmi_device_destroy+0x94/0xd0 \| scmi_chan_setup+0x524/0x750 \| scmi_probe+0x7fc/0x1508 \| platform_probe+0xc4/0x19c \| really_probe+0x32c/0x99c \| __driver_probe_device+0x15c/0x3c4 \| driver_probe_device+0x5c/0x170 \| __driver_attach+0x1c8/0x440 \| bus_for_each_dev+0xf4/0x178 \| driver_attach+0x3c/0x58 \| bus_add_driver+0x234/0x4d4 \| driver_register+0xf4/0x3c0 \| __platform_driver_register+0x60/0x88 \| scmi_driver_init+0xb0/0x104 \| do_one_initcall+0xb4/0x664 \| kernel_init_freeable+0x3c8/0x894 \| kernel_init+0x24/0x1e8 \| ret_from_fork+0x10/0x20
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/15b17bbcea07d49c43d21aa700485cbd9f9d00d8 URL:https://git.kernel.org/stable/c/15b17bbcea07d49c43d21aa700485cbd9f9d00d8 MISC:https://git.kernel.org/stable/c/1e1f523b185a8ccdcba625b31ff0312d052900e2 URL:https://git.kernel.org/stable/c/1e1f523b185a8ccdcba625b31ff0312d052900e2 MISC:https://git.kernel.org/stable/c/295416091e44806760ccf753aeafdafc0ae268f3 URL:https://git.kernel.org/stable/c/295416091e44806760ccf753aeafdafc0ae268f3
Assigning CNA
kernel.org
Date Record Created
20241119	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241119)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)