Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:driver core: fix potential NULL pointer dereference in dev_uevent()If userspace reads "uevent" device attribute at the same time as anotherthreads unbinds the device from its driver, change to dev->driver from avalid pointer to NULL may result in crash. Fix this by using READ_ONCE()when fetching the pointer, and take bus' drivers klist lock to make suredriver instance will not disappear while we access it.Use WRITE_ONCE() when setting the driver pointer to ensure there is notearing.
No PoCs from references.
- https://github.com/ARPSyndicate/cve-scores