CVE-2023-3312: cpufreq: qcom-cpufreq-hw: fix double IO unmap and resource release on exit

A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in the cpufreq subsystem of the Linux kernel. During device unbind, this flaw leads to a double release, resulting in denial of service.

@@ -43,7 +43,6 @@ struct qcom_cpufreq_soc_data {

struct qcom_cpufreq_data { void __iomem *base; - struct resource *res;

/\*
 \* Mutex to synchronize between de-init sequence and re-starting LMh

@@ -590,16 +589,12 @@ static int qcom_cpufreq_hw_cpu_exit(struct cpufreq_policy *policy) { struct device *cpu_dev = get_cpu_device(policy->cpu); struct qcom_cpufreq_data *data = policy->driver_data; - struct resource *res = data->res; - void __iomem *base = data->base;

dev\_pm\_opp\_remove\_all\_dynamic(cpu\_dev);
dev\_pm\_opp\_of\_cpumask\_remove\_table(policy->related\_cpus);
qcom\_cpufreq\_hw\_lmh\_exit(data);
kfree(policy->freq\_table);
kfree(data);

- iounmap(base); - release_mem_region(res->start, resource_size(res));

return 0;

} @@ -718,17 +713,15 @@ static int qcom_cpufreq_hw_driver_probe(struct platform_device *pdev) for (i = 0; i < num_domains; i++) { struct qcom_cpufreq_data *data = &qcom_cpufreq.data[i]; struct clk_init_data clk_init = {}; - struct resource *res; void __iomem *base;

- base = devm_platform_get_and_ioremap_resource(pdev, i, &res);

  •   base = devm\_platform\_ioremap\_resource(pdev, i);
      if (IS\_ERR(base)) {
    

- dev_err(dev, "Failed to map resource %pR\n", res);

  •       dev\_err(dev, "Failed to map resource index %d\\n", i);
          return PTR\_ERR(base);
      }
    
      data->base = base;
    

- data->res = res;

    /\* Register CPU clock for each frequency domain \*/
    clk\_init.name = kasprintf(GFP\_KERNEL, "qcom\_cpufreq%d", i);
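
Review bot: In qcom_cpufreq_hw_cpu_exit(), the `kfree(data)` context line stays, while the probe hunk shows `data = &qcom_cpufreq.data[i]`, an element of an array rather than its own allocation. If `policy->driver_data` points at one of those elements, freeing it here is another invalid release of the same kind this patch removes. Please confirm where `driver_data` is allocated, and drop the `kfree(data)` if it is the probe-time array entry.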
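
Review bot: In the probe loop, the mapping stored at `data->base = base;` is now devm-managed, but nothing next to the assignment says so, and cpu_exit no longer shows who owns it. A one-line comment there stating that the region is released by devres on unbind and must not be unmapped or released in qcom_cpufreq_hw_cpu_exit() would help keep the double release from being reintroduced. As a style point, the `dev_err()` plus `return PTR_ERR(base);` pair in the error branch could be folded into a single `return dev_err_probe(dev, PTR_ERR(base), ...)`.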
