CVE-2024-53193
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-53193
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-53193.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-53193
- Downstream
- Related
- Published
- 2024-12-27T14:15:26Z
- Modified
- 2025-09-19T16:56:53Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
clk: clk-loongson2: Fix memory corruption bug in struct loongson2clkprovider
Some heap space is allocated for the flexible structure
struct clk_hw_onecell_dataand its flexible-array memberhwsthrough the composite structurestruct loongson2_clk_providerin functionloongson2_clk_probe(), as shown below:289 struct loongson2clkprovider *clp; ... 296 for (p = data; p->name; p++) 297 clksnum++; 298 299 clp = devmkzalloc(dev, structsize(clp, clkdata.hws, clksnum), 300 GFPKERNEL);
Then some data is written into the flexible array:
350 clp->clk_data.hws[p->id] = hw;
This corrupts
clk_lock, which is the spinlock variable immediately following theclk_datamember instruct loongson2_clk_provider:struct loongson2clkprovider { void _iomem *base; struct device *dev; struct clkhwonecelldata clkdata; spinlockt clk_lock; /* protect access to DIV registers */ };
The problem is that the flexible structure is currently placed in the middle of
struct loongson2_clk_providerinstead of at the end.Fix this by moving
struct clk_hw_onecell_data clk_data;to the end ofstruct loongson2_clk_provider. Also, add a code comment to help prevent this from happening again in case new members are added to the structure in the future.This change also fixes the following -Wflex-array-member-not-at-end warning:
drivers/clk/clk-loongson2.c:32:36: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end]
- References