CVE-2024-24862: A potential null pointer weakness was found in function pci1xxxx_spi_probe. (15-04-2024)

Preface: Ref: ENOMEM means that no memory can be allocated by a function in the library. Note that malloc, calloc, and realloc do not set errno to ENOMEM on failure, but other library routines (the remedy is shown in the diagram) may set errno to ENOMEM when memory allocation fails.

Technical reference: What is the function of probe in kernel driver?

The probe() entry is called in task context, with the bus’s rwsem locked and the driver partially bound to the device. Drivers commonly use container_of() to convert “dev” to a bus-specific type, both in probe() and other routines. That type often provides device resource data, such as pci_dev.

Vulnerability details: In function pci1xxxx_spi_probe, a failed memory allocation by the function devm_kzalloc can leave a null pointer behind. Hence, a null pointer check needs to be added to prevent null pointer dereferencing later in the code. To fix this issue, spi_bus->spi_int[iter] should be checked. The memory allocated by devm_kzalloc is released automatically, so the function can return -ENOMEM directly without worrying about memory leaks.
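The check described above, shown as an added userspace model in C; it is not the driver's code or the upstream patch. Only spi_bus, spi_int and iter come from the page; devm_kzalloc_model, devres_release_all_model, probe_model, the struct layouts and MAX_INST are hypothetical stand-ins, with an injected allocation failure so both the error path and the automatic release can be observed.

```c
/* Userspace model: only spi_bus, spi_int and iter come from the page; all else is hypothetical. */
#include <errno.h>
#include <stdlib.h>
#define MAX_INST 4
struct devres { struct devres *next; };          /* header in front of each managed block */
struct device_model { struct devres *head; int live; int fail_at; int calls; };
struct spi_internal { int hw_inst; };
struct spi_bus_model { struct spi_internal *spi_int[MAX_INST]; };

/* Stand-in for devm_kzalloc(): zeroed, tracked per device, fails on call number fail_at. */
void *devm_kzalloc_model(struct device_model *dev, size_t size)
{
    if (++dev->calls == dev->fail_at)
        return NULL;                              /* injected allocation failure */
    struct devres *dr = calloc(1, sizeof(*dr) + size);
    if (!dr)
        return NULL;
    dr->next = dev->head;
    dev->head = dr;
    dev->live++;
    return dr + 1;
}

/* Stand-in for the driver core releasing managed memory after a failed probe. */
int devres_release_all_model(struct device_model *dev)
{
    while (dev->head) {
        struct devres *dr = dev->head;
        dev->head = dr->next;
        free(dr);
        dev->live--;
    }
    return dev->live;                             /* 0 means nothing leaked */
}

/* Probe loop with the check the fix adds: test spi_int[iter] before first use. */
int probe_model(struct device_model *dev)
{
    struct spi_bus_model *spi_bus = devm_kzalloc_model(dev, sizeof(*spi_bus));
    if (!spi_bus)
        return -ENOMEM;
    for (int iter = 0; iter < MAX_INST; iter++) {
        spi_bus->spi_int[iter] = devm_kzalloc_model(dev, sizeof(struct spi_internal));
        if (!spi_bus->spi_int[iter])
            return -ENOMEM;                       /* no manual free: managed memory */
        spi_bus->spi_int[iter]->hw_inst = iter;   /* the dereference that needed the check */
    }
    return 0;
}
```

Setting fail_at to the number of the allocation that should fail exercises the error path; without the check, the hw_inst assignment would dereference the null pointer.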

Official announcement: Please refer to the link for details –
