driver core: fix potential NULL pointer dereference in dev_uevent()
3Vexday Risk Score
Sin señal de explotación. Ningún artefacto público de explotación conocido hasta ahora.
ssvc Trackepss 0.2%
probabilidad de explotación
0.2%top 94% de las CVE
explotación observada
noninguna fuente lo reporta
In the Linux kernel, the following vulnerability has been resolved:
driver core: fix potential NULL pointer dereference in dev_uevent()
If userspace reads "uevent" device attribute at the same time as another
threads unbinds the device from its driver, change to dev->driver from a
valid pointer to NULL may result in crash. Fix this by using READ_ONCE()
when fetching the pointer, and take bus' drivers klist lock to make sure
driver instance will not disappear while we access it.
Use WRITE_ONCE() when setting the driver pointer to ensure there is no
tearing.
Productos afectados
Linux · Linux