CVE-2023-54087

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ubi: Fix possible null-ptr-deref in ubi_free_volume()<br /> <br /> It willl cause null-ptr-deref in the following case:<br /> <br /> uif_init()<br /> ubi_add_volume()<br /> cdev_add() -&gt; if it fails, call kill_volumes()<br /> device_register()<br /> <br /> kill_volumes() -&gt; if ubi_add_volume() fails call this function<br /> ubi_free_volume()<br /> cdev_del()<br /> device_unregister() -&gt; trying to delete a not added device,<br /> it causes null-ptr-deref<br /> <br /> So in ubi_free_volume(), it delete devices whether they are added<br /> or not, it will causes null-ptr-deref.<br /> <br /> Handle the error case whlie calling ubi_add_volume() to fix this<br /> problem. If add volume fails, set the corresponding vol to null,<br /> so it can not be accessed in kill_volumes() and release the<br /> resource in ubi_add_volume() error path.