Updated: 2024-08-13 01:51:40.384791
Description:
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, which means that private_data will not be NULL when wmi_char_open() is called. This might cause memory corruption should wmi_char_open() be unable to find its driver, something which can happen when the associated WMI device is deleted in wmi_free_devices(). Fix the problem by using the miscdevice pointer to retrieve the WMI device data associated with a char device using container_of(). This also avoids wmi_char_open() picking a wrong WMI device bound to a driver with the same name as the original driver.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | NONE | 0 |
CVSS Version 3.x | MEDIUM | 4.4 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | kernel | 5.14.0 | 4.4 | MEDIUM | Needs Triage | 2024-08-21 14:26:51 | |
AlmaLinux 9.2 FIPS | kernel | 5.14.0 | 4.4 | MEDIUM | Ignored | 2024-08-13 14:26:05 | |
CentOS 6 ELS | kernel | 2.6.32 | 4.4 | MEDIUM | Ignored | 2024-08-13 14:26:06 | |
CentOS 7 ELS | kernel | 3.10.0 | 4.4 | MEDIUM | Ignored | 2024-08-13 14:26:03 | |
CentOS 8.4 ELS | kernel | 4.18.0 | 4.4 | MEDIUM | Ignored | 2024-08-20 05:26:51 | |
CentOS 8.5 ELS | kernel | 4.18.0 | 4.4 | MEDIUM | Ignored | 2024-08-20 05:26:51 | |
CentOS Stream 8 ELS | kernel | 4.18.0 | 4.4 | MEDIUM | Ignored | 2024-08-20 05:26:51 | |
CloudLinux 6 ELS | kernel | 2.6.32 | 4.4 | MEDIUM | Ignored | 2024-08-13 14:26:06 | |
CloudLinux 7 ELS | kernel | 3.10.0 | 4.4 | MEDIUM | Ignored | 2024-08-13 14:26:03 | |
Oracle Linux 6 ELS | kernel | 2.6.32 | 4.4 | MEDIUM | Ignored | 2024-08-13 14:26:03 |