Can you explain this vulnerability to me?

This vulnerability is a double free error in the Linux kernel's CPU frequency scaling governor code, specifically in the cpufreq_dbs_governor_init() function. When an error occurs during the initialization process (specifically when kobject_init_and_add() fails), the code mistakenly frees the same memory twice. This happens because the cleanup function gov->exit(dbs_data) and the memory free function kfree(dbs_data) are called twice on the same data structure, leading to a double free.

The fix involves adjusting the cleanup process so that after kobject_init_and_add() has been called, the kobject_put() function handles the cleanup through the cpufreq_dbs_data_release() callback, avoiding the second free. For the failure path before kobject_init_and_add(), the direct kfree(dbs_data) is kept.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

A double free vulnerability can lead to undefined behavior such as memory corruption, system crashes, or potential exploitation by attackers to execute arbitrary code or escalate privileges. In the context of the Linux kernel, this could compromise system stability or security.

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

The vulnerability is a double free in the cpufreq_dbs_governor_init() function in the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version where this issue has been fixed.

Specifically, ensure that your kernel includes the fix that changes the error handling path to let kobject_put() handle cleanup after kobject_init_and_add() has been called, preventing the double free.

If updating immediately is not possible, consider avoiding use of the cpufreq_dbs governor or any functionality that triggers cpufreq_dbs_governor_init() until the fix is applied.

Useful 0 Not Useful 0