APPLIED: [SRU][J][PATCH 0/1] CVE-2024-53068
Edoardo Canepa
edoardo.canepa at canonical.com
Fri Oct 10 10:49:27 UTC 2025
Applied to jammy/master-next. Thanks.
On 10/1/25 23:40, Alice C. Munduruca wrote:
> [ Impact ]
>
> A use-after-free bug is possible in the arm_scmi firmware,
> since the `->name` attribute of `scmi_dev` is freed before the
> whole truly falls out of usage. The solution is thus to not
> prematurely free this value, and only do so when it is safe, i.e.
> when `scmi_device_release` is called.
>
> [ Fix ]
>
> jammy: backported from the upstream commit, applying diff over
> the changes to `scmi_device_destroy` and
> `scmi_device_create`.
>
> [ Tests ]
>
> Compile and boot tested.
>
> [ Where problems could occur ]
>
> The changes should be sound and cause no leaks when the device is
> released, although this could be one of the only potential
> regressions, since now the memory deallocation occurs at that
> point. The minimal scope of changes also limits the possibility
> of major regressions.
>
>
> Xinqi Zhang (1):
> firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()
>
> drivers/firmware/arm_scmi/bus.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x20F88172E14F6784.asc
Type: application/pgp-keys
Size: 3167 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251010/d9e3477d/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20251010/d9e3477d/attachment.sig>
More information about the kernel-team
mailing list