Linux Kernel Double Free Vulnerability in Hisilicon QM Crypto Driver

Vulnerability

A double free vulnerability has been identified in the Linux kernel's Hisilicon QM crypto driver. Initialization of 'qm->debug.acc_diff_reg' can fail, and the probe process continues without properly handling the error. After 'qm->debug.qm_diff_regs' is freed, it is not reset to NULL, so the removal process frees the same pointer again, which is a double free. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability can lead to a double free condition, which may cause memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced when initialization of 'qm->debug.acc_diff_reg' in the Hisilicon QM crypto driver fails. This leaves 'qm->debug.qm_diff_regs' freed but not set to NULL. When the removal process then attempts to free 'qm->debug.qm_diff_regs' again, a double free results.
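
The pattern described under Vulnerability and Reproduction, as an added userspace model that is not the driver's code or the upstream patch. Only the two field names come from this advisory; the struct, the function names and the slot-based allocator are assumptions, and resetting the pointer is shown as one way to close the stale-pointer path.

```c
#include <stdio.h>
/* Constructed model: names other than the two fields are hypothetical. */
struct debug_model { void *qm_diff_regs; void *acc_diff_reg; };
static char pool[2][64];          /* static slots stand in for heap memory */
static int live[2], double_frees;

static void *model_alloc(int slot)
{
    live[slot] = 1;
    return pool[slot];
}

static void model_free(void *p)
{
    if (!p)
        return;                   /* freeing NULL is a no-op, as with kfree() */
    int slot = (int)((char (*)[64])p - pool);
    if (!live[slot])
        double_frees++;           /* slot already released: double free */
    live[slot] = 0;
}

static int debug_init(struct debug_model *d, int acc_fails, int reset_ptr)
{
    d->qm_diff_regs = model_alloc(0);
    d->acc_diff_reg = acc_fails ? NULL : model_alloc(1); /* may fail */
    if (d->acc_diff_reg)
        return 0;
    model_free(d->qm_diff_regs);  /* unwind the first buffer */
    if (reset_ptr)
        d->qm_diff_regs = NULL;   /* hardened: drop the stale pointer */
    return -1;
}

/* Probe ignores the init error; removal frees both. Returns double frees. */
int probe_then_remove(int acc_fails, int reset_ptr)
{
    struct debug_model d = { NULL, NULL };
    double_frees = 0;
    (void)debug_init(&d, acc_fails, reset_ptr);
    model_free(d.acc_diff_reg);
    model_free(d.qm_diff_regs);
    return double_frees;
}

int main(void)
{
    return printf("kept: %d, reset: %d\n", probe_then_remove(1, 0), probe_then_remove(1, 1)) < 0;
}
```

The model counts the repeat free instead of performing it, so it is safe to run; in the kernel the second free would reach the allocator.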

Remediation

The vulnerability has been addressed in the Linux kernel stable tree. Users can upgrade to the latest version to mitigate this issue.

Added: Oct 28, 2025, 12:42 PM
Updated: Oct 28, 2025, 12:42 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.