First published: Mon Oct 21 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that will crash in sysfs_remove_group(). [Shortened for readability] [91854.020159] sysfs: cannot create duplicate filename '/devices/platform/coretemp.0/hwmon/hwmon2/temp20_label' <cpu offline> [91855.126115] BUG: kernel NULL pointer dereference, address: 0000000000000188 [91855.165103] #PF: supervisor read access in kernel mode [91855.194506] #PF: error_code(0x0000) - not-present page [91855.224445] PGD 0 P4D 0 [91855.238508] Oops: 0000 [#1] PREEMPT SMP PTI ... [91855.342716] RIP: 0010:sysfs_remove_group+0xc/0x80 ... [91855.796571] Call Trace: [91855.810524] coretemp_cpu_offline+0x12b/0x1dd [coretemp] [91855.841738] ? coretemp_cpu_online+0x180/0x180 [coretemp] [91855.871107] cpuhp_invoke_callback+0x105/0x4b0 [91855.893432] cpuhp_thread_fun+0x8e/0x150 ... Fix this by checking for NULL first.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Linux kernel | >=3.0<4.9.335 | |
Linux Linux kernel | >=4.10<4.14.301 | |
Linux Linux kernel | >=4.15<4.19.268 | |
Linux Linux kernel | >=4.20<5.4.226 | |
Linux Linux kernel | >=5.5<5.10.158 | |
Linux Linux kernel | >=5.11<5.15.82 | |
Linux Linux kernel | >=5.16<6.0.12 | |
Linux Linux kernel | =6.1-rc1 | |
Linux Linux kernel | =6.1-rc2 | |
Linux Linux kernel | =6.1-rc3 | |
Linux Linux kernel | =6.1-rc4 | |
Linux Linux kernel | =6.1-rc5 | |
Linux Linux kernel | =6.1-rc6 | |
Linux Linux kernel | =6.1-rc7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.