CVE-2024-56534 Information

Description

In the Linux kernel the following vulnerability has been resolved:

isofs: avoid memory leak in iocharset

A memleak was found as below:

unreferenced object 0xffff0000d10164d8 (size 8): comm \pool-udisksd\ pid 108217 jiffies 4295408555 hex dump (first 8 bytes): 75 74 66 38 00 cc cc cc utf8…. backtrace (crc de430d31): [] kmemleak_alloc+0xb8/0xc8 [] __kmalloc_node_track_caller_noprof+0x380/0x474 [] kstrdup+0x70/0xfc [] isofs_parse_param+0x228/0x2c0 [isofs] [] vfs_parse_fs_param+0xf4/0x164 [] vfs_parse_fs_string+0x8c/0xd4 [] vfs_parse_monolithic_sep+0xb0/0xfc [] generic_parse_monolithic+0x30/0x3c [] parse_monolithic_mount_data+0x40/0x4c [] path_mount+0x6c4/0x9ec [] do_mount+0xac/0xc4 [] __arm64_sys_mount+0x16c/0x2b0 [] invoke_syscall+0x7c/0x104 [] el0_svc_common.constprop.1+0xe0/0x104 [] do_el0_svc+0x2c/0x38 [] el0_svc+0x3c/0x1b8

The opt->iocharset is freed inside the isofs_fill_super function But there may be situations where it’s not possible to enter this function.

For example in the get_tree_bdev_flags functionwhen encountering the situation where \Can’t mount would change RO state\nIn such a case isofs_fill_super will not have the opportunity to be calledwhich means that opt->iocharset will not have the chance to be freedultimately leading to a memory leak.

Let’s move the memory freeing of opt->iocharset into isofs_free_fc function.

Reference

https://git.kernel.org/stable/c/0b5bbeee4de616a268db77e2f40f19ab010a367b https://git.kernel.org/stable/c/0fbab266ca8000333c966f5b58cb9b9cac658573 https://git.kernel.org/stable/c/34f090ddb3630a26e5a6b220bf3bfaf5c7b70393