CVE-2023-53250

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle<br /> <br /> KASAN reported a null-ptr-deref error:<br /> <br /> KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]<br /> CPU: 0 PID: 1373 Comm: modprobe<br /> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)<br /> RIP: 0010:dmi_sysfs_entry_release<br /> ...<br /> Call Trace:<br /> <br /> kobject_put<br /> dmi_sysfs_register_handle (drivers/firmware/dmi-sysfs.c:540) dmi_sysfs<br /> dmi_decode_table (drivers/firmware/dmi_scan.c:133)<br /> dmi_walk (drivers/firmware/dmi_scan.c:1115)<br /> dmi_sysfs_init (drivers/firmware/dmi-sysfs.c:149) dmi_sysfs<br /> do_one_initcall (init/main.c:1296)<br /> ...<br /> Kernel panic - not syncing: Fatal exception<br /> Kernel Offset: 0x4000000 from 0xffffffff81000000<br /> ---[ end Kernel panic - not syncing: Fatal exception ]---<br /> <br /> It is because previous patch added kobject_put() to release the memory<br /> which will call dmi_sysfs_entry_release() and list_del().<br /> <br /> However, list_add_tail(entry-&gt;list) is called after the error block,<br /> so the list_head is uninitialized and cannot be deleted.<br /> <br /> Move error handling to after list_add_tail to fix this.