In the Linux kernel, the following vulnerability has been resolved:
mm/slab: make __free(kfree) accept error pointers
Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831xgpiodbg_show().
171 char *label _free(kfree) = gpiochipduplinelabel(chip, i); 172 if (ISERR(label)) { 173 deverr(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 }
The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this.
{ "vanir_signatures": [ { "deprecated": false, "signature_type": "Line", "target": { "file": "include/linux/slab.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "188308084789556458669766080546232350054", "148381421189978487634238039264344614864", "112344483279740263806479336609910238234", "280448661851164575566755577271697913107", "290308268090824608607408438996521520474", "14302852062511667412239398278479651226", "100696942354370133847927382780202133491", "24102597913220386422697716794280217756" ], "threshold": 0.9 }, "id": "CVE-2024-36890-61de69dd", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@cd7eb8f83fcf258f71e293f7fc52a70be8ed0128" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "include/linux/slab.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "188308084789556458669766080546232350054", "148381421189978487634238039264344614864", "112344483279740263806479336609910238234", "280448661851164575566755577271697913107", "290308268090824608607408438996521520474", "14302852062511667412239398278479651226", "100696942354370133847927382780202133491", "24102597913220386422697716794280217756" ], "threshold": 0.9 }, "id": "CVE-2024-36890-75d50f47", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@79cbe0be6c0317b215ddd8bd3e32f0afdac48543" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "include/linux/slab.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "188308084789556458669766080546232350054", "148381421189978487634238039264344614864", "112344483279740263806479336609910238234", "96123967154636878067169865332781791904" ], "threshold": 0.9 }, "id": "CVE-2024-36890-8ade6e14", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc" }, { "deprecated": false, "signature_type": "Line", "target": { "file": "include/linux/slab.h" }, "signature_version": "v1", "digest": { "line_hashes": [ "188308084789556458669766080546232350054", "148381421189978487634238039264344614864", "112344483279740263806479336609910238234", "96123967154636878067169865332781791904" ], "threshold": 0.9 }, "id": "CVE-2024-36890-b2d801f3", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@9f6eb0ab4f95240589ee85fd9886a944cd3645b2" } ] }