DEBIAN-CVE-2024-47688

Source
https://security-tracker.debian.org/tracker/DEBIAN-CVE-2024-47688
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-47688.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-47688
Upstream
Published
2024-10-21T12:15:05Z
Modified
2025-09-18T05:18:31Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

driver core: Fix a potential null-ptr-deref in module_add_driver()

Inject fault while probing of-fpga-region, if kasprintf() fails in module_add_driver(), the second sysfs_remove_link() in exit path will cause null-ptr-deref as below because kernfs_name_hash() will call strlen() with NULL driver_name.

Fix it by releasing resources based on the exit path sequence.

KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfffffc000000000] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in: of_fpga_region(+) fpga_region fpga_bridge cfg80211 rfkill 8021q garp mrp stp llc ipv6 [last unloaded: of_fpga_region]
CPU: 2 UID: 0 PID: 2036 Comm: modprobe Not tainted 6.11.0-rc2-g6a0e38264012 #295
Hardware name: linux,dummy-virt (DT)
pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : strlen+0x24/0xb0
lr : kernfs_name_hash+0x1c/0xc4
sp : ffffffc081f97380
x29: ffffffc081f97380 x28: ffffffc081f97b90 x27: ffffff80c821c2a0
x26: ffffffedac0be418 x25: 0000000000000000 x24: ffffff80c09d2000
x23: 0000000000000000 x22: 0000000000000000 x21: 0000000000000000
x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000001840
x17: 0000000000000000 x16: 0000000000000000 x15: 1ffffff8103f2e42
x14: 00000000f1f1f1f1 x13: 0000000000000004 x12: ffffffb01812d61d
x11: 1ffffff01812d61c x10: ffffffb01812d61c x9 : dfffffc000000000
x8 : 0000004fe7ed29e4 x7 : ffffff80c096b0e7 x6 : 0000000000000001
x5 : ffffff80c096b0e0 x4 : 1ffffffdb990efa2 x3 : 0000000000000000
x2 : 0000000000000000 x1 : dfffffc000000000 x0 : 0000000000000000
Call trace:
 strlen+0x24/0xb0
 kernfs_name_hash+0x1c/0xc4
 kernfs_find_ns+0x118/0x2e8
 kernfs_remove_by_name_ns+0x80/0x100
 sysfs_remove_link+0x74/0xa8
 module_add_driver+0x278/0x394
 bus_add_driver+0x1f0/0x43c
 driver_register+0xf4/0x3c0
 __platform_driver_register+0x60/0x88
 of_fpga_region_init+0x20/0x1000 [of_fpga_region]
 do_one_initcall+0x110/0x788
 do_init_module+0x1dc/0x5c8
 load_module+0x3c38/0x4cac
 init_module_from_file+0xd4/0x128
 idempotent_init_module+0x2cc/0x528
 __arm64_sys_finit_module+0xac/0x100
 invoke_syscall+0x6c/0x258
 el0_svc_common.constprop.0+0x160/0x22c
 do_el0_svc+0x44/0x5c
 el0_svc+0x48/0xb8
 el0t_64_sync_handler+0x13c/0x158
 el0t_64_sync+0x190/0x194
Code: f2fbffe1 a90157f4 12000802 aa0003f5 (38e16861)
---[ end trace 0000000000000000 ]---
Kernel panic - not syncing: Oops: Fatal exception

References

Affected packages

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.11.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.11.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}