CVE-2024-53198
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/12/2024
Last modified:
27/12/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

This patch fixes an issue in the function xenbus_dev_probe(). In the
xenbus_dev_probe() function, within the if (err) branch at line 313, the
program incorrectly returns err directly without releasing the resources
allocated by err = drv->probe(dev, id). As the return value is non-zero,
the upper layers assume the processing logic has failed. However, the probe
operation was performed earlier without a corresponding remove operation.
Since the probe actually allocates resources, failing to perform the remove
operation could lead to problems.

To fix this issue, we followed the resource release logic of the
xenbus_dev_remove() function by adding a new block fail_remove before the
fail_put block. After entering the branch if (err) at line 313, the
function will use a goto statement to jump to the fail_remove block,
ensuring that the previously acquired resources are correctly released,
thus preventing the reference count leak.

This bug was identified by an experimental static analysis tool developed
by our team. The tool specializes in analyzing reference count operations
and detecting potential issues where resources are not properly managed.
In this case, the tool flagged the missing release operation as a
potential problem, which led to the development of this patch.
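
The error path described in the commit message, modelled in user-space C as an added example (not the kernel's code or the patch itself). All names (`model_dev`, `post_probe_step`, `module_refs`) are hypothetical, and the reference taken before probe and dropped at `fail_put` is an assumption made for the model.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical. */
struct model_dev {
    int module_refs; /* reference taken before probe, dropped at fail_put */
    int probe_res;   /* resources the driver's probe callback allocated */
};
static int model_probe(struct model_dev *d) { d->probe_res++; return 0; }
static void model_remove(struct model_dev *d) { d->probe_res--; }
/* Stand-in for the post-probe step whose failure reaches "if (err)". */
static int post_probe_step(int fail) { return fail ? -EIO : 0; }

/* patched == 0 models the direct return; patched == 1 models the fix. */
static int dev_probe(struct model_dev *d, int fail_late, int patched)
{
    int err;
    d->module_refs++;             /* taken before probe (assumption) */
    err = model_probe(d);
    if (err)
        goto fail_put;
    err = post_probe_step(fail_late);
    if (err) {
        if (!patched)
            return err;           /* pre-fix: nothing is released */
        goto fail_remove;         /* post-fix: unwind in reverse order */
    }
    return 0;
fail_remove:
    model_remove(d);              /* release what probe allocated */
fail_put:
    d->module_refs--;
    return err;
}

/* Count of resources still held after one probe attempt that fails late. */
static int held_after_failed_probe(int patched)
{
    struct model_dev d = {0, 0};
    int err = dev_probe(&d, 1, patched);
    return err ? d.module_refs + d.probe_res : -1;
}

int main(void)
{
    printf("pre-fix held=%d, post-fix held=%d\n",
           held_after_failed_probe(0), held_after_failed_probe(1));
    return 0;
}
```

Because the caller only sees a non-zero return, the held count in the unpatched path grows with every failed attempt and nothing later releases it.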
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/0aa9e30b5b4af5dd504801689d6d84c584290a45
- https://git.kernel.org/stable/c/217bdce88b104269b73603b84d0ab4dd04f481bc
- https://git.kernel.org/stable/c/2f977a4c82d35d063f5fe198bbc501c4b1c5ea0e
- https://git.kernel.org/stable/c/3fc0996d2fefe61219375fd650601724b8cf2d30
- https://git.kernel.org/stable/c/804b96f8d0a02fa10b92f28b2e042f9128ed3ffc
- https://git.kernel.org/stable/c/87106169b4ce26f85561f953d13d1fd86d99b612
- https://git.kernel.org/stable/c/afc545da381ba0c651b2658966ac737032676f01
- https://git.kernel.org/stable/c/e8823e6ff313465910edea07581627d85e68d9fd