CVE-2022-49391
Published: 26 February 2025
Description
In the Linux kernel, the following vulnerability has been resolved:

remoteproc: mtk_scp: Fix a potential double free

'scp->rproc' is allocated using devm_rproc_alloc(), so there is no need to free it explicitly in the remove function.
Security Summary
CVE-2022-49391 is a double free vulnerability (CWE-415) in the Linux kernel's remoteproc subsystem, specifically the mtk_scp driver. The issue arises because the 'scp->rproc' structure is allocated using devm_rproc_alloc(), a managed allocation that is automatically freed by the device model. However, the driver's remove function explicitly frees it, potentially leading to a double free if the managed cleanup also occurs.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low complexity (AC:L) and no user interaction (UI:N), requiring only local access (AV:L) to the affected system. Successful exploitation could result in high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with an unchanged security scope (S:U), as rated by the CVSS v3.1 base score of 7.8. This might allow the attacker to cause denial of service, memory corruption, or potentially elevate privileges through crafted operations on the mtk_scp remote processor interface.
Mitigation involves applying the upstream patches from the Linux kernel stable repository. The fixing commits, adc02700236613b344a947a897fc2741d52a43b9 and eac3e5b1c12f85732e60f5f8b985444d273866bb, remove the explicit free of 'scp->rproc' in the remove function, preventing the double free. Systems running affected kernel versions should update to a patched release.
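The ownership mistake described above, as an added user-space model that is not taken from the mtk_scp driver or the kernel: a device-managed allocation queues its own release, so a remove function that also frees the object releases it twice. All type and function names are hypothetical, and releases are counted rather than passed to free() so the second one can be observed safely.

```c
#include <stdio.h>

/* Constructed user-space model; all names here are hypothetical, not kernel code. */
struct obj { int free_calls; };               /* stands in for scp->rproc */
struct devres { void (*release)(void *); void *data; };
struct device { struct devres res[4]; int nres; };

/* Counts releases instead of calling free(), so a second release is observable. */
static void obj_free(void *p) { ((struct obj *)p)->free_calls++; }

/* Managed allocation: hand out the object and queue its release on the device. */
static struct obj *devm_obj_alloc(struct device *dev, struct obj *storage)
{
    storage->free_calls = 0;
    dev->res[dev->nres].release = obj_free;
    dev->res[dev->nres].data = storage;
    dev->nres++;
    return storage;
}

/* Unbind: the driver's remove() runs first, then managed resources are
 * released in reverse order of registration. */
static void unbind(struct device *dev, void (*remove)(struct obj *), struct obj *o)
{
    remove(o);
    while (dev->nres > 0) {
        struct devres *r = &dev->res[--dev->nres];
        r->release(r->data);
    }
}

static void remove_before_fix(struct obj *o) { obj_free(o); } /* explicit free */
static void remove_after_fix(struct obj *o)  { (void)o; }     /* devres owns it */

/* Returns how many times the object was released across one bind/unbind. */
int free_calls_after_unbind(int fixed)
{
    struct device dev = { .nres = 0 };
    struct obj storage;
    struct obj *o = devm_obj_alloc(&dev, &storage);

    unbind(&dev, fixed ? remove_after_fix : remove_before_fix, o);
    return storage.free_calls;
}

int main(void)
{
    printf("before fix: %d releases\n", free_calls_after_unbind(0));
    printf("after fix:  %d releases\n", free_calls_after_unbind(1));
    return 0;
}
```

When reviewing other drivers for the same pattern, the check is whether any pointer obtained from a devm_* allocator is also passed to its matching free routine in remove() or in probe error paths.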
Details
- CWE(s)