

CVE-2023-53250

Description

In the Linux kernel, the following vulnerability has been resolved:

firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle

KASAN reported a null-ptr-deref error:

KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 1373 Comm: modprobe
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
RIP: 0010:dmi_sysfs_entry_release
...
Call Trace:
 kobject_put
 dmi_sysfs_register_handle (drivers/firmware/dmi-sysfs.c:540) dmi_sysfs
 dmi_decode_table (drivers/firmware/dmi_scan.c:133)
 dmi_walk (drivers/firmware/dmi_scan.c:1115)
 dmi_sysfs_init (drivers/firmware/dmi-sysfs.c:149) dmi_sysfs
 do_one_initcall (init/main.c:1296)
 ...
Kernel panic - not syncing: Fatal exception
Kernel Offset: 0x4000000 from 0xffffffff81000000
---[ end Kernel panic - not syncing: Fatal exception ]---

It is because previous patch added kobject_put() to release the memory which will call dmi_sysfs_entry_release() and list_del().

However, list_add_tail(entry->list) is called after the error block, so the list_head is uninitialized and cannot be deleted.

Move error handling to after list_add_tail to fix this.
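The ordering problem described above, as an added userspace model in C; it is not the kernel's code or the patch itself. The names `struct entry`, `entry_release` and `register_entry` are hypothetical, and the model assumes the entry is zero-allocated, which matches the reported fault range just above address 0.

```c
/* Added illustration: userspace model of the error-path ordering, not kernel code. */
#include <stdio.h>
#include <stdlib.h>

struct list_head { struct list_head *next, *prev; };

static void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

struct entry { struct list_head list; };  /* hypothetical stand-in for the sysfs entry */

/* Stand-in for the release callback reached through kobject_put(): it unlinks
 * the entry. Returns -1 where the kernel's list_del() would dereference a
 * NULL next/prev pointer, 0 when the unlink is safe. */
static int entry_release(struct entry *e)
{
    int rc = -1;
    if (e->list.next && e->list.prev) {
        e->list.prev->next = e->list.next;
        e->list.next->prev = e->list.prev;
        rc = 0;
    }
    free(e);
    return rc;
}

/* link_first = 0: the failing step is handled before list_add_tail (pre-fix order).
 * link_first = 1: the entry is linked before the failing step (post-fix order).
 * Returns entry_release()'s result on failure, 1 on success, -2 on allocation failure. */
static int register_entry(struct list_head *head, int link_first, int fail)
{
    struct entry *e = calloc(1, sizeof(*e));  /* assumed zeroed, as with kzalloc */
    if (!e) return -2;
    if (link_first) list_add_tail(&e->list, head);
    if (fail) return entry_release(e);        /* error path drops the reference */
    if (!link_first) list_add_tail(&e->list, head);
    return 1;
}

int main(void)
{
    struct list_head head = { &head, &head };
    printf("pre-fix order:  %d\n", register_entry(&head, 0, 1));
    printf("post-fix order: %d\n", register_entry(&head, 1, 1));
    return 0;
}
```

The general rule it shows: any state a release callback tears down must be initialized before the first point at which the reference can be dropped.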

POC

Reference

No PoCs from references.

Github

- https://github.com/fkie-cad/nvd-json-data-feeds