Linux Kernel Use-After-Free Vulnerability in TC358743 I2C Driver
Vulnerability
A use-after-free vulnerability has been identified in the Linux kernel's I2C driver for the Toshiba TC358743 HDMI to CSI-2 bridge. This vulnerability arises from a cyclic timer that, while rearming itself, schedules work that can reference a state object that has already been freed. The issue occurs during probe failures after the timer has been initialized, allowing orphaned timers to access deallocated memory, which can lead to memory corruption or other unintended behavior.
Impact
Exploitation of this vulnerability causes a use-after-free condition, where a freed object is accessed, potentially leading to memory corruption.
Reproduction
The vulnerability can be reproduced by emulating the TC358743 device with a kernel module that introduces faults through the debugfs interface. During this process, a probe failure can be simulated after the timer initialization, allowing the orphaned timer to reference the freed state object.
Remediation
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.