[SRU][J][PATCH 0/1] CVE-2024-53068
Alice C. Munduruca
alice.munduruca at canonical.com
Wed Oct 1 21:40:07 UTC 2025
[ Impact ]
A use-after-free bug is possible in the arm_scmi firmware,
since the `->name` attribute of `scmi_dev` is freed before the
whole truly falls out of usage. The solution is thus to not
prematurely free this value, and only do so when it is safe, i.e.
when `scmi_device_release` is called.
[ Fix ]
jammy: backported from the upstream commit, applying diff over
the changes to `scmi_device_destroy` and
`scmi_device_create`.
[ Tests ]
Compile and boot tested.
[ Where problems could occur ]
The changes should be sound and cause no leaks when the device is
released, although this could be one of the only potential
regressions, since now the memory deallocation occurs at that
point. The minimal scope of changes also limits the possibility
of major regressions.
Xinqi Zhang (1):
  firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

 drivers/firmware/arm_scmi/bus.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
--
2.48.1
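
The lifetime rule described under [ Impact ], shown as an added example that is not part of the original mail or of the kernel patch: a user-space model in which a heap-allocated name is freed only in the release callback, so a holder that still has a reference after destroy can read it safely. All struct and function names are hypothetical, and a plain integer stands in for the kernel's device reference counting.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model; every name below is hypothetical, not kernel code. */
struct model_dev {
    int refcount;                          /* stands in for the device refcount */
    char *name;                            /* heap string owned by the object */
    void (*release)(struct model_dev *);
};
static int released;                       /* number of release() calls so far */

/* Runs only when the last reference is dropped: the safe place to free ->name. */
static void model_release(struct model_dev *d)
{
    free(d->name);
    free(d);
    released++;
}

static struct model_dev *model_create(const char *name)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (!d || !(d->name = malloc(strlen(name) + 1))) {
        free(d);
        return NULL;
    }
    strcpy(d->name, name);
    d->refcount = 1;
    d->release = model_release;
    return d;
}

static void model_get(struct model_dev *d) { d->refcount++; }
static void model_put(struct model_dev *d) { if (--d->refcount == 0) d->release(d); }
/* Destroy only drops the creator's reference; it must not free d->name itself. */
static void model_destroy(struct model_dev *d) { model_put(d); }
/* A late reader, such as a notifier that still holds its own reference. */
static size_t model_notifier_name_len(const struct model_dev *d) { return strlen(d->name); }

int main(void)
{
    struct model_dev *d = model_create("constructed-dev");
    if (!d) return 1;
    model_get(d);                          /* notifier takes a reference */
    model_destroy(d);                      /* creator is done; object must survive */
    printf("name length after destroy: %zu\n", model_notifier_name_len(d));
    model_put(d);                          /* last reference: release() frees name */
    return released == 1 ? 0 : 1;
}
```

Building this with `-fsanitize=address` and moving `free(d->name)` into `model_destroy()` makes the sanitizer report the same class of bug the backport addresses.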