媒体:edia:dvbdev:修复释放后使用 (CVE-2024-27043)

CVE编号

CVE-2024-27043

利用情况

暂无

补丁情况

N/A

披露时间

2024-05-01
漏洞描述
In the Linux kernel, the following vulnerability has been resolved:

media: edia: dvbdev: fix a use-after-free

In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:

budget_register
|-> dvb_dmxdev_init
|-> dvb_register_device
|-> dvb_dmxdev_release
|-> dvb_unregister_device
|-> dvb_remove_device
|-> dvb_device_put
|-> kref_put

When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644
https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e
https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f465b07d
https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712
https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62
https://git.kernel.org/stable/c/8c64f4cdf4e6cc5682c52523713af8c39c94e6d5
https://git.kernel.org/stable/c/b7586e902128e4fb7bfbb661cb52e4215a65637b
https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856
https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
系统 debian_12 linux * Up to
(excluding)
6.1.85-1
CVSS3评分
N/A
  • 攻击路径
    N/A
  • 攻击复杂度
    N/A
  • 权限要求
    N/A
  • 影响范围
    N/A
  • 用户交互
    N/A
  • 可用性
    N/A
  • 保密性
    N/A
  • 完整性
    N/A
N/A
CWE-ID 漏洞类型
阿里云安全产品覆盖情况