cve-2022-48759
Vulnerability from cvelistv5
Published
2024-06-20 11:13
Modified
2024-12-19 08:07
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev is a managed object, therefore its release is not predictable and the rpmsg_ctrldev could be freed before the cdev is entirely released, as in the backtrace below. [ 93.625603] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x7c [ 93.636115] WARNING: CPU: 0 PID: 12 at lib/debugobjects.c:488 debug_print_object+0x13c/0x1b0 [ 93.644799] Modules linked in: veth xt_cgroup xt_MASQUERADE rfcomm algif_hash algif_skcipher af_alg uinput ip6table_nat fuse uvcvideo videobuf2_vmalloc venus_enc venus_dec videobuf2_dma_contig hci_uart btandroid btqca snd_soc_rt5682_i2c bluetooth qcom_spmi_temp_alarm snd_soc_rt5682v [ 93.715175] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.4.163-lockdep #26 [ 93.723855] Hardware name: Google Lazor (rev3 - 8) with LTE (DT) [ 93.730055] Workqueue: events kobject_delayed_cleanup [ 93.735271] pstate: 60c00009 (nZCv daif +PAN +UAO) [ 93.740216] pc : debug_print_object+0x13c/0x1b0 [ 93.744890] lr : debug_print_object+0x13c/0x1b0 [ 93.749555] sp : ffffffacf5bc7940 [ 93.752978] x29: ffffffacf5bc7940 x28: dfffffd000000000 [ 93.758448] x27: ffffffacdb11a800 x26: dfffffd000000000 [ 93.763916] x25: ffffffd0734f856c x24: dfffffd000000000 [ 93.769389] x23: 0000000000000000 x22: ffffffd0733c35b0 [ 93.774860] x21: ffffffd0751994a0 x20: ffffffd075ec27c0 [ 93.780338] x19: ffffffd075199100 x18: 00000000000276e0 [ 93.785814] x17: 0000000000000000 x16: dfffffd000000000 [ 93.791291] x15: ffffffffffffffff x14: 6e6968207473696c [ 93.796768] x13: 0000000000000000 x12: ffffffd075e2b000 [ 93.802244] x11: 0000000000000001 x10: 0000000000000000 [ 93.807723] x9 : d13400dff1921900 x8 : d13400dff1921900 [ 93.813200] x7 : 0000000000000000 x6 : 0000000000000000 [ 93.818676] x5 : 0000000000000080 x4 : 0000000000000000 [ 93.824152] x3 : ffffffd0732a0fa4 x2 : 0000000000000001 [ 93.829628] x1 : ffffffacf5bc7580 x0 : 0000000000000061 [ 93.835104] Call trace: [ 93.837644] debug_print_object+0x13c/0x1b0 [ 93.841963] __debug_check_no_obj_freed+0x25c/0x3c0 [ 93.846987] debug_check_no_obj_freed+0x18/0x20 [ 93.851669] slab_free_freelist_hook+0xbc/0x1e4 [ 93.856346] kfree+0xfc/0x2f4 [ 93.859416] rpmsg_ctrldev_release_device+0x78/0xb8 [ 93.864445] device_release+0x84/0x168 [ 93.868310] kobject_cleanup+0x12c/0x298 [ 93.872356] kobject_delayed_cleanup+0x10/0x18 [ 93.876948] process_one_work+0x578/0x92c [ 93.881086] worker_thread+0x804/0xcf8 [ 93.884963] kthread+0x2a8/0x314 [ 93.888303] ret_from_fork+0x10/0x18 The cdev_device_add/del() API was created to address this issue (see commit '233ed09d7fda ("chardev: add helper function to register char devs with a struct device")'), use it instead of cdev add/del().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b
Impacted products
Vendor Product Version
Linux Linux Version: 4.11
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48759",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T15:44:05.243673Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T15:44:14.329Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:00.922Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/rpmsg/rpmsg_char.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "74d85e9fbc7022a4011102c7474a9c7aeb704a35",
              "status": "affected",
              "version": "c0cdc19f84a4712cf74888f83af286e3c2e14efd",
              "versionType": "git"
            },
            {
              "lessThan": "70cb4295ec806b663665e1d2ed15caab6159880e",
              "status": "affected",
              "version": "c0cdc19f84a4712cf74888f83af286e3c2e14efd",
              "versionType": "git"
            },
            {
              "lessThan": "da27b834c1e0222e149e06caddf7718478086d1b",
              "status": "affected",
              "version": "c0cdc19f84a4712cf74888f83af286e3c2e14efd",
              "versionType": "git"
            },
            {
              "lessThan": "1dbb206730f3e5ce90014ad569ddf8167ec4124a",
              "status": "affected",
              "version": "c0cdc19f84a4712cf74888f83af286e3c2e14efd",
              "versionType": "git"
            },
            {
              "lessThan": "85aba11a8ea92a8eef2de95ebbe063086fd62d9c",
              "status": "affected",
              "version": "c0cdc19f84a4712cf74888f83af286e3c2e14efd",
              "versionType": "git"
            },
            {
              "lessThan": "d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7",
              "status": "affected",
              "version": "c0cdc19f84a4712cf74888f83af286e3c2e14efd",
              "versionType": "git"
            },
            {
              "lessThan": "b7fb2dad571d1e21173c06cef0bced77b323990a",
              "status": "affected",
              "version": "c0cdc19f84a4712cf74888f83af286e3c2e14efd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/rpmsg/rpmsg_char.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.14.*",
              "status": "unaffected",
              "version": "4.14.265",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.228",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev\n\nstruct rpmsg_ctrldev contains a struct cdev. The current code frees\nthe rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the\ncdev is a managed object, therefore its release is not predictable\nand the rpmsg_ctrldev could be freed before the cdev is entirely\nreleased, as in the backtrace below.\n\n[   93.625603] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x7c\n[   93.636115] WARNING: CPU: 0 PID: 12 at lib/debugobjects.c:488 debug_print_object+0x13c/0x1b0\n[   93.644799] Modules linked in: veth xt_cgroup xt_MASQUERADE rfcomm algif_hash algif_skcipher af_alg uinput ip6table_nat fuse uvcvideo videobuf2_vmalloc venus_enc venus_dec videobuf2_dma_contig hci_uart btandroid btqca snd_soc_rt5682_i2c bluetooth qcom_spmi_temp_alarm snd_soc_rt5682v\n[   93.715175] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G    B             5.4.163-lockdep #26\n[   93.723855] Hardware name: Google Lazor (rev3 - 8) with LTE (DT)\n[   93.730055] Workqueue: events kobject_delayed_cleanup\n[   93.735271] pstate: 60c00009 (nZCv daif +PAN +UAO)\n[   93.740216] pc : debug_print_object+0x13c/0x1b0\n[   93.744890] lr : debug_print_object+0x13c/0x1b0\n[   93.749555] sp : ffffffacf5bc7940\n[   93.752978] x29: ffffffacf5bc7940 x28: dfffffd000000000\n[   93.758448] x27: ffffffacdb11a800 x26: dfffffd000000000\n[   93.763916] x25: ffffffd0734f856c x24: dfffffd000000000\n[   93.769389] x23: 0000000000000000 x22: ffffffd0733c35b0\n[   93.774860] x21: ffffffd0751994a0 x20: ffffffd075ec27c0\n[   93.780338] x19: ffffffd075199100 x18: 00000000000276e0\n[   93.785814] x17: 0000000000000000 x16: dfffffd000000000\n[   93.791291] x15: ffffffffffffffff x14: 6e6968207473696c\n[   93.796768] x13: 0000000000000000 x12: ffffffd075e2b000\n[   93.802244] x11: 0000000000000001 x10: 0000000000000000\n[   93.807723] x9 : d13400dff1921900 x8 : d13400dff1921900\n[   93.813200] x7 : 0000000000000000 x6 : 0000000000000000\n[   93.818676] x5 : 0000000000000080 x4 : 0000000000000000\n[   93.824152] x3 : ffffffd0732a0fa4 x2 : 0000000000000001\n[   93.829628] x1 : ffffffacf5bc7580 x0 : 0000000000000061\n[   93.835104] Call trace:\n[   93.837644]  debug_print_object+0x13c/0x1b0\n[   93.841963]  __debug_check_no_obj_freed+0x25c/0x3c0\n[   93.846987]  debug_check_no_obj_freed+0x18/0x20\n[   93.851669]  slab_free_freelist_hook+0xbc/0x1e4\n[   93.856346]  kfree+0xfc/0x2f4\n[   93.859416]  rpmsg_ctrldev_release_device+0x78/0xb8\n[   93.864445]  device_release+0x84/0x168\n[   93.868310]  kobject_cleanup+0x12c/0x298\n[   93.872356]  kobject_delayed_cleanup+0x10/0x18\n[   93.876948]  process_one_work+0x578/0x92c\n[   93.881086]  worker_thread+0x804/0xcf8\n[   93.884963]  kthread+0x2a8/0x314\n[   93.888303]  ret_from_fork+0x10/0x18\n\nThe cdev_device_add/del() API was created to address this issue (see\ncommit \u0027233ed09d7fda (\"chardev: add helper function to register char\ndevs with a struct device\")\u0027), use it instead of cdev add/del()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T08:07:11.202Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35"
        },
        {
          "url": "https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e"
        },
        {
          "url": "https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a"
        },
        {
          "url": "https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a"
        }
      ],
      "title": "rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48759",
    "datePublished": "2024-06-20T11:13:37.872Z",
    "dateReserved": "2024-06-20T11:09:39.059Z",
    "dateUpdated": "2024-12-19T08:07:11.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-48759\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-06-20T12:15:14.023\",\"lastModified\":\"2024-11-21T07:33:57.730\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nrpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev\\n\\nstruct rpmsg_ctrldev contains a struct cdev. The current code frees\\nthe rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the\\ncdev is a managed object, therefore its release is not predictable\\nand the rpmsg_ctrldev could be freed before the cdev is entirely\\nreleased, as in the backtrace below.\\n\\n[   93.625603] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x7c\\n[   93.636115] WARNING: CPU: 0 PID: 12 at lib/debugobjects.c:488 debug_print_object+0x13c/0x1b0\\n[   93.644799] Modules linked in: veth xt_cgroup xt_MASQUERADE rfcomm algif_hash algif_skcipher af_alg uinput ip6table_nat fuse uvcvideo videobuf2_vmalloc venus_enc venus_dec videobuf2_dma_contig hci_uart btandroid btqca snd_soc_rt5682_i2c bluetooth qcom_spmi_temp_alarm snd_soc_rt5682v\\n[   93.715175] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G    B             5.4.163-lockdep #26\\n[   93.723855] Hardware name: Google Lazor (rev3 - 8) with LTE (DT)\\n[   93.730055] Workqueue: events kobject_delayed_cleanup\\n[   93.735271] pstate: 60c00009 (nZCv daif +PAN +UAO)\\n[   93.740216] pc : debug_print_object+0x13c/0x1b0\\n[   93.744890] lr : debug_print_object+0x13c/0x1b0\\n[   93.749555] sp : ffffffacf5bc7940\\n[   93.752978] x29: ffffffacf5bc7940 x28: dfffffd000000000\\n[   93.758448] x27: ffffffacdb11a800 x26: dfffffd000000000\\n[   93.763916] x25: ffffffd0734f856c x24: dfffffd000000000\\n[   93.769389] x23: 0000000000000000 x22: ffffffd0733c35b0\\n[   93.774860] x21: ffffffd0751994a0 x20: ffffffd075ec27c0\\n[   93.780338] x19: ffffffd075199100 x18: 00000000000276e0\\n[   93.785814] x17: 0000000000000000 x16: dfffffd000000000\\n[   93.791291] x15: ffffffffffffffff x14: 6e6968207473696c\\n[   93.796768] x13: 0000000000000000 x12: ffffffd075e2b000\\n[   93.802244] x11: 0000000000000001 x10: 0000000000000000\\n[   93.807723] x9 : d13400dff1921900 x8 : d13400dff1921900\\n[   93.813200] x7 : 0000000000000000 x6 : 0000000000000000\\n[   93.818676] x5 : 0000000000000080 x4 : 0000000000000000\\n[   93.824152] x3 : ffffffd0732a0fa4 x2 : 0000000000000001\\n[   93.829628] x1 : ffffffacf5bc7580 x0 : 0000000000000061\\n[   93.835104] Call trace:\\n[   93.837644]  debug_print_object+0x13c/0x1b0\\n[   93.841963]  __debug_check_no_obj_freed+0x25c/0x3c0\\n[   93.846987]  debug_check_no_obj_freed+0x18/0x20\\n[   93.851669]  slab_free_freelist_hook+0xbc/0x1e4\\n[   93.856346]  kfree+0xfc/0x2f4\\n[   93.859416]  rpmsg_ctrldev_release_device+0x78/0xb8\\n[   93.864445]  device_release+0x84/0x168\\n[   93.868310]  kobject_cleanup+0x12c/0x298\\n[   93.872356]  kobject_delayed_cleanup+0x10/0x18\\n[   93.876948]  process_one_work+0x578/0x92c\\n[   93.881086]  worker_thread+0x804/0xcf8\\n[   93.884963]  kthread+0x2a8/0x314\\n[   93.888303]  ret_from_fork+0x10/0x18\\n\\nThe cdev_device_add/del() API was created to address this issue (see\\ncommit \u0027233ed09d7fda (\\\"chardev: add helper function to register char\\ndevs with a struct device\\\")\u0027), use it instead of cdev add/del().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rpmsg: char: corrige la ejecuci\u00f3n entre el lanzamiento de rpmsg_ctrldev y cdev struct rpmsg_ctrldev contiene una estructura cdev. El c\u00f3digo actual libera la estructura rpmsg_ctrldev en rpmsg_ctrldev_release_device(), pero el cdev es un objeto administrado, por lo tanto su liberaci\u00f3n no es predecible y rpmsg_ctrldev podr\u00eda liberarse antes de que el cdev se libere por completo, como se muestra en el seguimiento a continuaci\u00f3n. [ 93.625603] ODEBUG: tipo de objeto activo libre (estado activo 0): timer_list sugerencia: retardado_work_timer_fn+0x0/0x7c [ 93.636115] ADVERTENCIA: CPU: 0 PID: 12 en lib/debugobjects.c:488 debug_print_object+0x13c/0x1b0 [ 93.644799 ] M\u00f3dulos vinculados en: veth xt_cgroup xt_MASQUERADE rfcomm algif_hash algif_skcipher af_alg uinput ip6table_nat fuse uvcvideo videobuf2_vmalloc venus_enc venus_dec videobuf2_dma_contig hci_uart btandroid btqca snd_soc_rt5682_i2c bluetooth qcom_spmi_temp_al arm snd_soc_rt5682v [93.715175] CPU: 0 PID: 12 Comm: kworker/0:1 Contaminado: GB 5.4.163-lockdep #26 [93.723855] Nombre del hardware: Google Lazor (rev3 - 8) con LTE (DT) [93.730055] Cola de trabajo: eventos kobject_delayed_cleanup [93.735271] pstate: 60c00009 (nZCv daif +PAN +UAO) [93.740216] pc: debug_print_object+0x 13c/ 0x1b0 [93.744890] lr: debug_print_object+0x13c/0x1b0 [93.749555] sp: ffffffacf5bc7940 [93.752978] x29: ffffffacf5bc7940 x28: dfffffd000000000 [93.758448] 27: fffffacdb11a800 x26: dfffffd000000000 [ 93.763916] x25: ffffffd0734f856c x24: dfffffd000000000 [ 93.769389] x23: 0000000000000000 x22: ffffffd0733c35b0 [ 93.774860] x21: ffffffd0751994a0 x20: ffffffd075ec27c0 [ 93.780338] x19: ffffffd075199100 x18: 00000000000276e0 [ 93.78 5814] x17: 0000000000000000 x16: dfffffd000000000 [ 93.791291] x15: ffffffffffffffff x14: 6e6968207473696c [ 93.796768] x13: 00000000000000000 x 12: ffffffd075e2b000 [ 93.802244 ] x11: 0000000000000001 x10: 0000000000000000 [ 93.807723] x9 : d13400dff1921900 x8 : d13400dff1921900 [ 93.813200] x7 : 000000000000000 0 x6: 0000000000000000 [93.818676] x5: 0000000000000080 x4: 0000000000000000 [93.824152] x3: ffffffd0732a0fa4 x2: 0000000000000001 [9 3.829628] x1 : ffffffacf5bc7580 x0 : 0000000000000061 [93.835104] Rastreo de llamadas: [93.837644] debug_print_object+0x13c/0x1b0 [93.841963] __debug_check_no_obj_freed+0x25c/0x3c0 [93.846987] _freed+0x18/0x20 [ 93.851669] slab_free_freelist_hook+0xbc/0x1e4 [ 93.856346] kfree+0xfc/0x2f4 [ 93.859416 ] rpmsg_ctrldev_release_device+0x78/0xb8 [ 93.864445] device_release+0x84/0x168 [ 93.868310] kobject_cleanup+0x12c/0x298 [ 93.872356] kobject_delayed_cleanup+0x10/0x18 [ 93.87694 8] proceso_one_work+0x578/0x92c [ 93.881086] hilo_trabajador+0x804/0xcf8 [ 93.884963] kthread +0x2a8/0x314 [ 93.888303] ret_from_fork+0x10/0x18 La API cdev_device_add/del() se cre\u00f3 para solucionar este problema (consulte el commit \u0027233ed09d7fda (\\\"chardev: agregar funci\u00f3n auxiliar para registrar desarrolladores de caracteres con un dispositivo de estructura\\\")\u0027), \u00daselo en lugar de cdev add/del().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1dbb206730f3e5ce90014ad569ddf8167ec4124a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/70cb4295ec806b663665e1d2ed15caab6159880e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/74d85e9fbc7022a4011102c7474a9c7aeb704a35\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/85aba11a8ea92a8eef2de95ebbe063086fd62d9c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/b7fb2dad571d1e21173c06cef0bced77b323990a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/d6cdc6ae542845d4d0ac8b6d99362bde7042a3c7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/stable/c/da27b834c1e0222e149e06caddf7718478086d1b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.