In the Linux kernel, the following vulnerability has been resolved:
of: Fix double free in of_parse_phandle_with_args_map
In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop.
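Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur". Otherwise "new" still points at the node whose reference "cur" now holds, and the first pass through the inner loop on the next outer iteration drops that same reference a second time.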
Extend the unittest to detect the double free and add an additional test case that actually triggers this path.
{ "vanir_signatures": [ { "target": { "file": "drivers/of/unittest.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cafa992134124e785609a406da4ff2b54052aff7", "digest": { "threshold": 0.9, "line_hashes": [ "121601635016153626609397939870141891029", "235073849461648710171689216976558383220", "164940920018555796073553065117084763506", "246831616162907654523263006774650667459", "124070767757314354045348243216148121932", "8080566059287880790759118404076285926", "316411346855790510830795131065439215381", "83817196662865746257429136469368901877", "60826088811912551699997195310491336667", "143010914825159501692535569698687127460", "113048986510161006095920118649604876363", "117617462465388747835468374600395154820", "38489680895861338587458980463198535944", "310362053114449108407975332064285144818", "72083286641456773468401330799678072229", "322966799101019881906859320655817647497", "71269186504489209431936916852185125967", "117054007967258925268122658244830305495", "185704800234304979120504560318402640718", "176146223552886196270449104337906644277", "34070117139704428705591082705523483299", "309796056079054682466629597146555397627", "94552851802980041233948576910945369264", "215239750526463910059554269454737854809", "84203333436312096185509507652868166219", "98680013370836283465692366599210909645", "220438787408629426605451919777985794670", "83159407701095560890382559473482426456", "100149912957068100028098169736655918823", "139964298945280368705728365060597673504", "210325910348927351422038128960850718611", "307924855092987377536654984517302372159", "144530614161393581242203098433188973784", "194231213537019125360355095670874416435", "176948224324513171947596191121967588935", "277294950800435597735803044190134229247", "337899914478221384981453116579289478803", "175931517453626387704954377493425747045", "17071108071979204999568410789591369782", "267665660179461128860869954413565267038", "297938303083109701035617877807519376992", 
"49407416640948434212491787321677248442", "126122743356616445146800280765206335615", "247553766577612367322450843217236435095", "1750971278322071847759740380487317020", "129495751769498666011182582342612404636", "132318063129054241329039165295680779366", "223470585774583717200194685867139847896", "130481883286029247078852687939361653294", "252191215885781629440653071554656783656", "214308385403388855653008972479458730775", "80483459021210682584096188358112023446", "155021368015191183347383859163006801035", "5566455816523702580652160986290628845", "108969716787035026270300473058213126379", "283291894354730618508462733670308971764", "25476738351095931363639808511715187330", "107095599391931989875447021772727646959", "223470585774583717200194685867139847896", "297647831131177803185125377701177559915", "129589619607285832426425375149209598544", "140914989030456995792232530424775513791", "27462172849654469462034460540896437098", "337151321624429794668411915757403968250", "7595736126974306299277592787260343920", "106967896274012403180584546121491985464", "203090879475699297590820900222886205786", "95800701640663760717783190845571754673", "305624643437140301796535459992469567985", "94506235690039868885247437406819922707", "229079566430090199385174344446407526534", "14452571863164020282312330071955606347", "91563681734470141538728633449784093059", "73928255400587221284470492361199097788", "261377452955624489786794071540360133204", "329449841978527446565556473007370944310", "144737753804963296573869500645273067450", "326667865770969006801092587492494638131" ] }, "id": "CVE-2023-52679-0329e7f1", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/of/base.c", "function": "of_parse_phandle_with_args_map" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5f490343c77e6708b6c4aa7dbbfbcbb9546adea", "digest": { "length": 2407.0, "function_hash": "310072787437944593924894247422189899090" }, "id": 
"CVE-2023-52679-063692d3", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c", "function": "of_unittest_parse_phandle_with_args" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cafa992134124e785609a406da4ff2b54052aff7", "digest": { "length": 4289.0, "function_hash": "204937863916397894191804264321886725233" }, "id": "CVE-2023-52679-3dcf46dc", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c", "function": "of_unittest_parse_phandle_with_args" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5f490343c77e6708b6c4aa7dbbfbcbb9546adea", "digest": { "length": 4293.0, "function_hash": "207781460039274592518276811293313046441" }, "id": "CVE-2023-52679-45eac02c", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/base.c", "function": "of_parse_phandle_with_args_map" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cafa992134124e785609a406da4ff2b54052aff7", "digest": { "length": 2407.0, "function_hash": "310072787437944593924894247422189899090" }, "id": "CVE-2023-52679-4f6d97a4", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c", "function": "of_unittest_parse_phandle_with_args" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8", "digest": { "length": 4289.0, "function_hash": "204937863916397894191804264321886725233" }, "id": "CVE-2023-52679-55cbc37b", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/base.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cafa992134124e785609a406da4ff2b54052aff7", "digest": { "threshold": 0.9, 
"line_hashes": [ "243497917489353036480949753364413283403", "150566142651174767885946955508059994645", "279343604305091146266454070337953724606", "101388328294965636614451611988549593192" ] }, "id": "CVE-2023-52679-77200afc", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c", "function": "of_unittest_parse_phandle_with_args_map" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8", "digest": { "length": 3618.0, "function_hash": "192072887524187723020595941937845665218" }, "id": "CVE-2023-52679-869b4971", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/base.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8", "digest": { "threshold": 0.9, "line_hashes": [ "243497917489353036480949753364413283403", "150566142651174767885946955508059994645", "279343604305091146266454070337953724606", "101388328294965636614451611988549593192" ] }, "id": "CVE-2023-52679-8a99fa98", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c", "function": "of_unittest_parse_phandle_with_args_map" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cafa992134124e785609a406da4ff2b54052aff7", "digest": { "length": 3618.0, "function_hash": "192072887524187723020595941937845665218" }, "id": "CVE-2023-52679-9f9676bd", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c", "function": "of_unittest_parse_phandle_with_args_map" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5f490343c77e6708b6c4aa7dbbfbcbb9546adea", "digest": { "length": 3602.0, "function_hash": "139428249734937058519462514997741441740" }, "id": 
"CVE-2023-52679-a11c2c9a", "deprecated": false, "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5f490343c77e6708b6c4aa7dbbfbcbb9546adea", "digest": { "threshold": 0.9, "line_hashes": [ "121601635016153626609397939870141891029", "235073849461648710171689216976558383220", "164940920018555796073553065117084763506", "246831616162907654523263006774650667459", "124070767757314354045348243216148121932", "8080566059287880790759118404076285926", "316411346855790510830795131065439215381", "83817196662865746257429136469368901877", "60826088811912551699997195310491336667", "143010914825159501692535569698687127460", "113048986510161006095920118649604876363", "117617462465388747835468374600395154820", "38489680895861338587458980463198535944", "310362053114449108407975332064285144818", "72083286641456773468401330799678072229", "322966799101019881906859320655817647497", "71269186504489209431936916852185125967", "117054007967258925268122658244830305495", "185704800234304979120504560318402640718", "176146223552886196270449104337906644277", "34070117139704428705591082705523483299", "309796056079054682466629597146555397627", "94552851802980041233948576910945369264", "215239750526463910059554269454737854809", "84203333436312096185509507652868166219", "98680013370836283465692366599210909645", "220438787408629426605451919777985794670", "83159407701095560890382559473482426456", "100149912957068100028098169736655918823", "139964298945280368705728365060597673504", "210325910348927351422038128960850718611", "307924855092987377536654984517302372159", "144530614161393581242203098433188973784", "194231213537019125360355095670874416435", "176948224324513171947596191121967588935", "277294950800435597735803044190134229247", "337899914478221384981453116579289478803", "175931517453626387704954377493425747045", "17071108071979204999568410789591369782", 
"267665660179461128860869954413565267038", "297938303083109701035617877807519376992", "49407416640948434212491787321677248442", "126122743356616445146800280765206335615", "247553766577612367322450843217236435095", "1750971278322071847759740380487317020", "129495751769498666011182582342612404636", "132318063129054241329039165295680779366", "223470585774583717200194685867139847896", "130481883286029247078852687939361653294", "252191215885781629440653071554656783656", "214308385403388855653008972479458730775", "80483459021210682584096188358112023446", "155021368015191183347383859163006801035", "5566455816523702580652160986290628845", "108969716787035026270300473058213126379", "283291894354730618508462733670308971764", "25476738351095931363639808511715187330", "107095599391931989875447021772727646959", "223470585774583717200194685867139847896", "297647831131177803185125377701177559915", "129589619607285832426425375149209598544", "140914989030456995792232530424775513791", "27462172849654469462034460540896437098", "337151321624429794668411915757403968250", "7595736126974306299277592787260343920", "106967896274012403180584546121491985464", "203090879475699297590820900222886205786", "95800701640663760717783190845571754673", "305624643437140301796535459992469567985", "94506235690039868885247437406819922707", "229079566430090199385174344446407526534", "14452571863164020282312330071955606347", "91563681734470141538728633449784093059", "73928255400587221284470492361199097788", "45422026547140177881759683136898977235", "208201377656433208009294546733005169528", "123213447988279305855809850593972404908", "326667865770969006801092587492494638131" ] }, "id": "CVE-2023-52679-c5ad75f4", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/of/base.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@d5f490343c77e6708b6c4aa7dbbfbcbb9546adea", "digest": { "threshold": 0.9, "line_hashes": [ 
"243497917489353036480949753364413283403", "150566142651174767885946955508059994645", "279343604305091146266454070337953724606", "101388328294965636614451611988549593192" ] }, "id": "CVE-2023-52679-d6fc6740", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/of/unittest.c" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8", "digest": { "threshold": 0.9, "line_hashes": [ "121601635016153626609397939870141891029", "235073849461648710171689216976558383220", "164940920018555796073553065117084763506", "246831616162907654523263006774650667459", "124070767757314354045348243216148121932", "8080566059287880790759118404076285926", "316411346855790510830795131065439215381", "83817196662865746257429136469368901877", "60826088811912551699997195310491336667", "143010914825159501692535569698687127460", "113048986510161006095920118649604876363", "117617462465388747835468374600395154820", "38489680895861338587458980463198535944", "310362053114449108407975332064285144818", "72083286641456773468401330799678072229", "322966799101019881906859320655817647497", "71269186504489209431936916852185125967", "117054007967258925268122658244830305495", "185704800234304979120504560318402640718", "176146223552886196270449104337906644277", "34070117139704428705591082705523483299", "309796056079054682466629597146555397627", "94552851802980041233948576910945369264", "215239750526463910059554269454737854809", "84203333436312096185509507652868166219", "98680013370836283465692366599210909645", "220438787408629426605451919777985794670", "83159407701095560890382559473482426456", "100149912957068100028098169736655918823", "139964298945280368705728365060597673504", "210325910348927351422038128960850718611", "307924855092987377536654984517302372159", "144530614161393581242203098433188973784", "194231213537019125360355095670874416435", "176948224324513171947596191121967588935", 
"277294950800435597735803044190134229247", "337899914478221384981453116579289478803", "175931517453626387704954377493425747045", "17071108071979204999568410789591369782", "267665660179461128860869954413565267038", "297938303083109701035617877807519376992", "49407416640948434212491787321677248442", "126122743356616445146800280765206335615", "247553766577612367322450843217236435095", "1750971278322071847759740380487317020", "129495751769498666011182582342612404636", "132318063129054241329039165295680779366", "223470585774583717200194685867139847896", "130481883286029247078852687939361653294", "252191215885781629440653071554656783656", "214308385403388855653008972479458730775", "80483459021210682584096188358112023446", "155021368015191183347383859163006801035", "5566455816523702580652160986290628845", "108969716787035026270300473058213126379", "283291894354730618508462733670308971764", "25476738351095931363639808511715187330", "107095599391931989875447021772727646959", "223470585774583717200194685867139847896", "297647831131177803185125377701177559915", "129589619607285832426425375149209598544", "140914989030456995792232530424775513791", "27462172849654469462034460540896437098", "337151321624429794668411915757403968250", "7595736126974306299277592787260343920", "106967896274012403180584546121491985464", "203090879475699297590820900222886205786", "95800701640663760717783190845571754673", "305624643437140301796535459992469567985", "94506235690039868885247437406819922707", "229079566430090199385174344446407526534", "14452571863164020282312330071955606347", "91563681734470141538728633449784093059", "73928255400587221284470492361199097788", "261377452955624489786794071540360133204", "329449841978527446565556473007370944310", "144737753804963296573869500645273067450", "326667865770969006801092587492494638131" ] }, "id": "CVE-2023-52679-db8c64d8", "deprecated": false, "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "drivers/of/base.c", 
"function": "of_parse_phandle_with_args_map" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b64d09a4e8596f76d27f4b4a90a1cf6baf6a82f8", "digest": { "length": 2407.0, "function_hash": "310072787437944593924894247422189899090" }, "id": "CVE-2023-52679-ec6868aa", "deprecated": false, "signature_type": "Function", "signature_version": "v1" } ] }