Bug 1544482 (CVE-2017-18174) - CVE-2017-18174 kernel: Double free vulnerability in drivers/pinctrl/pinctrl-amd.c:amd_gpio_remove() function can lead to kernel panic
Summary: CVE-2017-18174 kernel: Double free vulnerability in drivers/pinctrl/pinctrl-a...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2017-18174
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-12 15:58 UTC by Adam Mariš
Modified: 2021-02-17 00:49 UTC (History)
45 users (show)

Fixed In Version: kernel 4.7
Clone Of:
Environment:
Last Closed: 2018-02-12 16:01:28 UTC
Embargoed:

Attachments (Terms of Use)

Description Adam Mariš 2018-02-12 15:58:04 UTC 
In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free.

Introduced by:

https://github.com/torvalds/linux/commit/dbad75dd1f25e0107c643d42774a7f9a8ba85e9b

Fixed by:

https://github.com/torvalds/linux/commit/251e22abde21833b3d29577e4d8c7aaccd650eee

Re-introduced by (only in rc release):

https://github.com/torvalds/linux/commit/3bfd44306c65d073008b9ca8f062249f35576b61

Fixed again by:

https://github.com/torvalds/linux/commit/8dca4a41f1ad65043a78c2338d9725f859c8d2c3
Comment 1 Adam Mariš 2018-02-12 16:01:49 UTC 
Statement:

This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and 7, and Red Hat Enterprise MRG as they did not include the vulnerable code.
Note You need to log in before you can comment on or make changes to this bug.