CVE-2024-53193
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider
Some heap space is allocated for the flexible structure struct clk_hw_onecell_data and its flexible-array member hws through
the composite structure struct loongson2_clk_provider in function
loongson2_clk_probe(), as shown below:
289 struct loongson2_clk_provider *clp; … 296 for (p = data; p->name; p++) 297 clks_num++; 298 299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num), 300 GFP_KERNEL);
Then some data is written into the flexible array:
350 clp->clk_data.hws[p->id] = hw;
This corrupts clk_lock, which is the spinlock variable immediately
following the clk_data member in struct loongson2_clk_provider:
struct loongson2_clk_provider { void __iomem *base; struct device dev; struct clk_hw_onecell_data clk_data; spinlock_t clk_lock; / protect access to DIV registers */ };
The problem is that the flexible structure is currently placed in the
middle of struct loongson2_clk_provider instead of at the end.
Fix this by moving struct clk_hw_onecell_data clk_data; to the end of
struct loongson2_clk_provider. Also, add a code comment to help
prevent this from happening again in case new members are added to the
structure in the future.
This change also fixes the following -Wflex-array-member-not-at-end warning:
drivers/clk/clk-loongson2.c:32:36: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 9796ec0bd04bb0e70487127d44949ca0554df5d3 < 76918202615f2ba7deda14901d9fff528a180099 | affected |
| Linux | Linux | 9796ec0bd04bb0e70487127d44949ca0554df5d3 < 145de18065b9840687d9b4e63746238c1da25d22 | affected |
| Linux | Linux | 9796ec0bd04bb0e70487127d44949ca0554df5d3 < 6e4bf018bb040955da53dae9f8628ef8fcec2dbe | affected |
| Linux | Linux | 6.10 | affected |
| Linux | Linux | 0 < 6.10 | unaffected |
| Linux | Linux | 6.11.11 <= 6.11.* | unaffected |
| Linux | Linux | 6.12.2 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://git.kernel.org/stable/c/76918202615f2ba7deda14901d9fff528a180099
- https://git.kernel.org/stable/c/145de18065b9840687d9b4e63746238c1da25d22
- https://git.kernel.org/stable/c/6e4bf018bb040955da53dae9f8628ef8fcec2dbe
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.