Linux Kernel Cros Ec Typec Stale Pointer Vulnerability Leading to Use-After-Free or Double Free

Vulnerability

A vulnerability in the Linux kernel's handling of Type-C switch pointers can lead to use-after-free or double free errors. The issue arises in the 'cros_typec_get_switch_handles' function, which allocates four pointers for Type-C switch handles. If the function fails to obtain any one of the handles, all of the allocated pointers are freed, but the pointer fields in 'port' still hold the old addresses and are now stale. Subsequent code paths that use or release these stale pointers then trigger the use-after-free or double free. The vulnerability has been addressed by zeroing out the pointer fields after they are freed, so no stale pointers remain.
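The stale-pointer pattern described above, as an added user-space C model (not the kernel driver's code or the upstream patch). The struct layout, helper names and the failure at handle 2 are assumptions for illustration; a `live` flag stands in for heap state so that invalid releases are counted rather than corrupting memory.

```c
#include <stdio.h>

#define NUM_HANDLES 4   /* the page says four switch handle pointers */
struct handle { int live; };                     /* 'live' stands in for heap state */
struct port { struct handle *sw[NUM_HANDLES]; }; /* hypothetical model of 'port' */

static struct handle pool[NUM_HANDLES];
static int bad_puts;    /* releases of an already released handle */

static struct handle *handle_get(int idx, int fail_at)
{
    if (idx == fail_at)
        return NULL;    /* simulated lookup failure */
    pool[idx].live = 1;
    return &pool[idx];
}

static void handle_put(struct handle *h)
{
    if (!h)
        return;         /* NULL is a no-op in this model */
    if (!h->live)
        bad_puts++;     /* real code: double free or use-after-free */
    h->live = 0;
}

static void release_all(struct port *p, int zero)
{
    for (int i = 0; i < NUM_HANDLES; i++) {
        handle_put(p->sw[i]);
        if (zero)
            p->sw[i] = NULL;   /* the fix: leave no stale pointer behind */
    }
}

/* Fails at handle 2, cleans up, then runs the later teardown path. */
int simulate(int zero_on_error)
{
    struct port p = { { NULL } };
    bad_puts = 0;
    for (int i = 0; i < NUM_HANDLES; i++) {
        p.sw[i] = handle_get(i, 2);
        if (!p.sw[i]) { release_all(&p, zero_on_error); break; }
    }
    release_all(&p, 1);        /* later code path reuses the same fields */
    return bad_puts;           /* count of releases of dead handles */
}

int main(void) { printf("stale=%d zeroed=%d\n", simulate(0), simulate(1)); return 0; }
```

Without zeroing, the two handles obtained before the failure are released a second time by the later path; with zeroing, the later path sees only NULL fields.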

Impact

The vulnerability can be exploited to cause use-after-free or double free errors, which can lead to memory corruption and potentially allow for arbitrary code execution.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Dec 9, 2025, 2:22 AM
Updated: Dec 9, 2025, 2:22 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.3
remediation: 7.7
relevance: 1.4
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.