
CVE-2024-35847

irqchip/gic-v3-its: Prevent double free on error

  • Severity Score: 5.5 (CVSS v3.1)
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: Track (SSVC)

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

irqchip/gic-v3-its: Prevent double free on error

The error handling path in its_vpe_irq_domain_alloc() causes a double free
when its_vpe_init() fails after successfully allocating at least one
interrupt. This happens because its_vpe_irq_domain_free() frees the
interrupts along with the area bitmap and the vprop_page and
its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the
vprop_page again.

Fix this by unconditionally invoking its_vpe_irq_domain_free() which
handles all cases correctly and by removing the bitmap/vprop_page freeing
from its_vpe_irq_domain_alloc().

[ tglx: Massaged change log ]
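
The error path described in the change log above, as an added user-space C model (not the kernel source and not part of this advisory). `struct vm_res`, `release`, `model_domain_free` and `model_domain_alloc` are hypothetical names, and the pre-fix `i > 0` guard is inferred from the description's wording. Release requests are counted instead of being executed twice.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model, not kernel code; all names are hypothetical stand-ins. */
struct vm_res {
    void *bitmap, *vprop_page;           /* area bitmap and vprop_page */
    int bitmap_releases, page_releases;  /* release requests per resource */
};

/* Count each request but free() only once: no real double free is run. */
static void release(void *p, int *count)
{
    if ((*count)++ == 0)
        free(p);
}

/* Models its_vpe_irq_domain_free(): releases the bitmap and the page. */
static void model_domain_free(struct vm_res *r)
{
    release(r->bitmap, &r->bitmap_releases);
    release(r->vprop_page, &r->page_releases);
}

/* Models its_vpe_irq_domain_alloc(); init fails at index fail_at (-1: never). */
static int model_domain_alloc(struct vm_res *r, int nr_irqs, int fail_at, int fixed)
{
    int i, err = 0;
    r->bitmap = malloc(64);
    r->vprop_page = malloc(4096);
    r->bitmap_releases = r->page_releases = 0;
    for (i = 0; i < nr_irqs; i++)
        if (i == fail_at) { err = -1; break; }
    if (err && (fixed || i > 0))   /* pre-fix guard i > 0 is inferred */
        model_domain_free(r);
    if (err && !fixed) {           /* pre-fix: alloc frees both again */
        release(r->bitmap, &r->bitmap_releases);
        release(r->vprop_page, &r->page_releases);
    }
    return err;
}

int main(void)
{
    struct vm_res r;
    model_domain_alloc(&r, 4, 1, 0);
    printf("pre-fix: bitmap released %d time(s)\n", r.bitmap_releases);
    model_domain_alloc(&r, 4, 1, 1);
    printf("fixed:   bitmap released %d time(s)\n", r.bitmap_releases);
}
```

In the model, a failure at index 0 is released once on both paths; only a failure after at least one successful init reaches the second release in the pre-fix path.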


*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
  • Exploitation: None
  • Automatable: No
  • Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-05-17 CVE Reserved
  • 2024-05-17 CVE Published
  • 2024-05-18 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor  Product       Version              Other  Status
Linux   Linux Kernel  >= 4.14 < 4.19.313   en     Affected
Linux   Linux Kernel  >= 4.14 < 5.4.275    en     Affected
Linux   Linux Kernel  >= 4.14 < 5.10.216   en     Affected
Linux   Linux Kernel  >= 4.14 < 5.15.158   en     Affected
Linux   Linux Kernel  >= 4.14 < 6.1.90     en     Affected
Linux   Linux Kernel  >= 4.14 < 6.6.30     en     Affected
Linux   Linux Kernel  >= 4.14 < 6.8.9      en     Affected
Linux   Linux Kernel  >= 4.14 < 6.9        en     Affected