Updated: 2024-06-27 22:47:04.279401
Description:
In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read(). ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all gluebi_notify nb->notifier_call() gluebi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_mtd tr->add_mtd() scan_header mtd_read mtd_read_oob mtd_read_oob_std gluebi_read mtd->read() gluebi->desc - NULL Detailed reproduction information available at the Link [1], In the normal case, obtain gluebi->desc in the gluebi_get_device(), and access gluebi->desc in the gluebi_read(). However, gluebi_get_device() is not executed in advance in the ftl_add_mtd() process, which leads to NULL pointer dereference. The solution for the gluebi module is to run jffs2 on the UBI volume without considering working with ftl or mtdblock [2]. Therefore, this problem can be avoided by preventing gluebi from creating the mtdblock device after creating mtd partition of the type MTD_UBIVOLUME.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 5.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Released | CLSA-2024:1712263970 | 2024-04-07 09:53:59 |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 5.5 | MEDIUM | Released | CLSA-2024:1712570434 | 2024-04-08 10:41:20 |
CentOS 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-03-19 09:54:51 | |
CentOS 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Ignored | 2024-03-19 09:54:48 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Released | CLSA-2024:1711026398 | 2024-03-21 09:52:16 |
CentOS 8.5 ELS | kernel | 4.18.0 | 5.5 | MEDIUM | Released | CLSA-2024:1711026811 | 2024-03-21 09:52:17 |
CloudLinux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-03-19 09:54:51 | |
Oracle Linux 6 ELS | kernel | 2.6.32 | 5.5 | MEDIUM | Ignored | 2024-03-19 09:54:48 | |
Ubuntu 16.04 ELS | linux | 4.4.0 | 5.5 | MEDIUM | Released | CLSA-2024:1710945589 | 2024-03-20 11:09:15 |
Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.5 | MEDIUM | Released | CLSA-2024:1710946064 | 2024-03-20 11:09:18 |