What immediate steps should I take to mitigate this vulnerability?

The vulnerability is fixed in the Linux kernel by correcting the double free error in the reset_add_gpio_aux_device() function. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

• Check your current kernel version using: uname -r
• Update the Linux kernel to the latest stable release provided by your distribution or from the official Linux kernel sources.
• Reboot your system to load the updated kernel.

Useful 0 Not Useful 0

Can you explain this vulnerability to me?

This vulnerability is a double free bug in the Linux kernel's reset subsystem related to GPIO auxiliary devices. Specifically, when the function __auxiliary_device_add() fails, the error handling path in reset_add_gpio_aux_device() calls auxiliary_device_uninit(), which triggers the device release callback reset_gpio_aux_device_release() to free the auxiliary device structure (adev). However, after this callback, the error path attempts to free the same structure again using kfree(adev), causing a double free.

The fix involves keeping the kfree(adev) call only for the failure path of auxiliary_device_init(), and avoiding freeing adev after auxiliary_device_uninit() to prevent the double free.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or escalate privileges. In the context of the Linux kernel, this could compromise system stability and security.

Useful 0 Not Useful 0