Описание
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ibmpex) fix use-after-free in high/low store
The ibmpex_high_low_store() function retrieves driver data using dev_get_drvdata() and uses it without validation. This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to use-after-free.
Fix by adding a NULL check after dev_get_drvdata(), and reordering operations in the deletion path to prevent TOCTOU.
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (ibmpex) fix use-after-free in high/low store
The ibmpex_high_low_store() function retrieves driver data using dev_get_drvdata() and uses it without validation. This creates a race condition where the sysfs callback can be invoked after the data structure is freed, leading to use-after-free.
Fix by adding a NULL check after dev_get_drvdata(), and reordering operations in the deletion path to prevent TOCTOU.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-68789
- https://git.kernel.org/stable/c/3ce9b7ae9d4d148672b35147aaf7987a4f82bb94
- https://git.kernel.org/stable/c/533ead425f8109b02fecc7e72d612b8898ec347a
- https://git.kernel.org/stable/c/5aa2139201667c1f644601e4529c4acd6bf8db5a
- https://git.kernel.org/stable/c/68d62e5bebbd118b763e8bb210d5cf2198ef450c
- https://git.kernel.org/stable/c/6946c726c3f4c36f0f049e6f97e88c510b15f65d
- https://git.kernel.org/stable/c/fa37adcf1d564ef58b9dfb01b6c36d35c5294bad
CVE ID
Связанные уязвимости
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Уязвимость функции ibmpex_high_low_store() модуля drivers/hwmon/ibmpex.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании