CVE-2024-57904
Published: 19 January 2025
Description
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input.
Security Summary
CVE-2024-57904 is a vulnerability in the Linux kernel's Industrial I/O (IIO) ADC AT91 driver, specifically within the at91_ts_register() function. The issue arises because the current implementation calls input_free_device() on st->ts_input during error handling, but the error label (err) can be reached before the allocated iio_dev is assigned to st->ts_input. This leads to improper cleanup of the input device. The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized disclosure of information, modification of data, and denial of service through potential memory corruption or crashes stemming from the mishandled device freeing.
Mitigation involves applying the patches from the referenced kernel stable commits, such as https://git.kernel.org/stable/c/028a1ba8e3bae593d701aee4f690ce7c195b67d6 and others listed, which correct the input_free_device() call to target the local 'input' variable instead of st->ts_input on the error path. Security practitioners should update affected Linux kernel versions accordingly.
Details
- CWE(s)