Detailed Analysis and Mitigation of CVE-2024-35977

Published on: 09-12-2024 By Soc Team

Overview

The Linux kernel has recently addressed a critical vulnerability identified as CVE-2024-35977. This vulnerability concerns a race condition in the cros_ec_uart module, which may allow a NULL pointer dereference leading to potential system crashes. This article delves into the details of this CVE and provides a comprehensive guide to mitigate it.

Details of CVE-2024-35977

In the cros_ec_uart module of the Linux kernel, a race condition was discovered in the cros_ec_uart_probe() function. The function calls devm_serdev_device_open() before setting up serdev->ops via serdev_device_set_client_ops(). If data arrives on the serial port in the window between those two calls, the receive path dereferences the still-unset serdev->ops, producing a NULL pointer dereference and a kernel bug:

BUG: kernel NULL pointer dereference, address: 0000000000000000
...
Call Trace:
<TASK>
...
? ttyport_receive_buf

The simplified crashing code highlights the issue:

static inline size_t serdev_controller_receive_buf(struct serdev_controller *ctrl,
                                                   const u8 *data,
                                                   size_t count)
{
    struct serdev_device *serdev = ctrl->serdev;

    if (!serdev || !serdev->ops->receive_buf) // CRASH!
        return 0;
    return serdev->ops->receive_buf(serdev, data, count);
}

As highlighted, the function assumes that if SERPORT_ACTIVE is set and serdev exists, then serdev->ops must also have been set. That assumption does not hold, because devm_serdev_device_open() sets SERPORT_ACTIVE before cros_ec_uart_probe() has assigned serdev->ops, so the check dereferences a NULL ops pointer.
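To make the ordering bug concrete, the following is an added user-space model (not kernel code and not part of the original advisory) of the probe sequence and the receive path: struct and function names mirror the kernel's but are constructed here, and the receive path additionally checks serdev->ops so that the mis-ordered probe is reported as an error code instead of a crash.

```c
/* Added example: user-space model of the CVE-2024-35977 ordering bug.
 * Types and names are constructed to mirror the kernel's serdev layer. */
#include <stddef.h>
#include <stdbool.h>

#define SERPORT_ACTIVE 1u

struct serdev_device;
struct serdev_device_ops {
    size_t (*receive_buf)(struct serdev_device *, const unsigned char *, size_t);
};
struct serdev_device { const struct serdev_device_ops *ops; };
struct serdev_controller { unsigned flags; struct serdev_device *serdev; };

/* Model of serdev_controller_receive_buf(). Unlike the kernel snippet it
 * also checks serdev->ops, so a NULL ops pointer is reported, not crashed on. */
static size_t receive_buf(struct serdev_controller *ctrl, const unsigned char *d, size_t n)
{
    struct serdev_device *serdev = ctrl->serdev;
    if (!(ctrl->flags & SERPORT_ACTIVE))
        return 0;                       /* port not open: data is dropped */
    if (!serdev || !serdev->ops || !serdev->ops->receive_buf)
        return (size_t)-1;              /* the kernel would oops here */
    return serdev->ops->receive_buf(serdev, d, n);
}

/* Client callback standing in for the cros_ec_uart receive handler. */
static size_t ec_receive(struct serdev_device *s, const unsigned char *d, size_t n)
{ (void)s; (void)d; return n; }
static const struct serdev_device_ops ec_ops = { .receive_buf = ec_receive };

/* Stand-in for devm_serdev_device_open(): marks the port active. */
static void open_port(struct serdev_controller *c) { c->flags |= SERPORT_ACTIVE; }

/* Simulate probe with tty data arriving right after the port opens.
 * ops_first == false reproduces the vulnerable ordering; true is the fix. */
static size_t probe_with_early_data(bool ops_first)
{
    static const unsigned char msg[4] = { 1, 2, 3, 4 };   /* constructed input */
    struct serdev_device dev = { .ops = NULL };
    struct serdev_controller ctrl = { .flags = 0, .serdev = &dev };

    if (ops_first) dev.ops = &ec_ops;   /* fixed order: set ops, then open */
    open_port(&ctrl);
    size_t r = receive_buf(&ctrl, msg, sizeof msg);  /* data lands in the window */
    if (!ops_first) dev.ops = &ec_ops;  /* vulnerable order: ops set too late */
    return r;
}
```

With the vulnerable ordering the receive path sees SERPORT_ACTIVE set and a NULL ops pointer; with ops assigned first the same early data is delivered to the client callback.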

Affected Versions

The affected versions for this vulnerability include:

  • Versions between commit 01f95d42b8f4 and commit cfd758041d8b
  • Versions between commit 01f95d42b8f4 and commit 9e9bb74a93b7
  • Versions between commit 01f95d42b8f4 and commit 5e700b384ec1
  • Version 6.3

Versions unaffected by this issue include:

  • Any version earlier than 6.3
  • Version 6.6.28 and later within the 6.6.* series
  • Version 6.8.7 and later within the 6.8.* series
  • Version 6.9 and newer

Mitigation Steps

To mitigate CVE-2024-35977, it’s recommended to update to the latest unaffected versions of the Linux kernel. The corrective commits are the ones that close each affected range listed above.

The primary mitigation strategy is to ensure that serdev->ops is set before devm_serdev_device_open() is invoked, so that the receive callback can no longer run while serdev->ops is still NULL, which narrows the error window that leads to the race condition and the subsequent crash.

Linux system administrators and security personnel should prioritize updating their kernel to one of the unaffected versions to safeguard against this vulnerability.

Conclusion

CVE-2024-35977 represents a critical yet resolvable vulnerability within the Linux kernel. By closely following the mitigation steps detailed above and keeping abreast of kernel updates, you can ensure your systems remain secure and resilient against such threats.