Instituto Nacional de Ciberseguridad (Spanish National Cybersecurity Institute). INCIBE section
Instituto Nacional de Ciberseguridad (Spanish National Cybersecurity Institute). INCIBE-CERT section

CVE-2022-50616

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
08/12/2025
Last modified:
08/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

regulator: core: Use different devices for resource allocation and DT lookup

Following the discussion below, there's a potential UAF issue
between regulator and mfd.
https://lore.kernel.org/all/20221128143601.1698148-1-yangyingliang@huawei.com/

From the analysis of Yingliang

CPU A                           |CPU B
mt6370_probe()                  |
  devm_mfd_add_devices()        |
                                |mt6370_regulator_probe()
                                |  regulator_register()
                                |    //allocate init_data and add it to devres
                                |    regulator_of_get_init_data()
i2c_unregister_device()         |
  device_del()                  |
    devres_release_all()        |
      // init_data is freed     |
      release_nodes()           |
                                |  // using init_data causes UAF
                                |  regulator_register()

It's common to use mfd core to create a child device for the regulator.
In order to do the DT lookup for init data, the child that registered
the regulator would pass its parent as the parameter. And this causes
the init data resource to be allocated to its parent, not itself. The issue happens
when the parent device is going to release and the regulator core is still doing
some operation of init data constraint for the regulator of the child device.

To fix it, this patch expands the 'regulator_register' API to use
different devices for init data allocation and DT lookup.
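The lifetime problem described above, as an added example that is not kernel code and not part of the advisory or the patch: a small userspace C model in which an allocation is released together with the device that owns it. The names get_init_data, release_all and late_access_is_uaf and the node string are hypothetical, chosen for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every name here is hypothetical, not a kernel API. */
#define MAX_RES 8
struct device { const char *of_node; };
struct init_data { const struct device *owner; const char *node; bool freed; };

static struct init_data pool[MAX_RES];
static size_t nres;

/* Models a device-managed allocation: its lifetime is bound to alloc_dev,
 * while the DT data is looked up through lookup_dev. */
static struct init_data *get_init_data(const struct device *alloc_dev,
                                       const struct device *lookup_dev)
{
    if (nres == MAX_RES)
        return NULL;
    struct init_data *d = &pool[nres++];
    d->owner = alloc_dev;           /* device whose release frees this */
    d->node = lookup_dev->of_node;  /* device that supplies the DT node */
    d->freed = false;
    return d;
}

/* Models devres_release_all(): everything owned by dev is released. */
static void release_all(const struct device *dev)
{
    for (size_t i = 0; i < nres; i++)
        if (pool[i].owner == dev)
            pool[i].freed = true;
}

/* Replays the interleaving: the child obtains init_data, the parent is
 * deleted, then the child side uses init_data again. Returns true when
 * that late use would touch released memory. */
static bool late_access_is_uaf(bool fixed)
{
    struct device parent = { "constructed-parent-node" }; /* constructed value */
    struct device child = { NULL };
    nres = 0;
    struct init_data *d = get_init_data(fixed ? &child : &parent, &parent);
    if (!d) return false;
    release_all(&parent);  /* CPU A: device_del() -> devres_release_all() */
    return d->freed;       /* CPU B: regulator core still uses init_data */
}

int main(void)
{
    printf("parent-owned (before fix): UAF=%d\n", late_access_is_uaf(false));
    printf("child-owned (after fix):   UAF=%d\n", late_access_is_uaf(true));
    return 0;
}
```

In both runs the lookup goes through the parent; only the owning device differs, which is the separation the description attributes to the fix.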

Impact