Linux Kernel Crypto Subsystem Double Free Vulnerability in Aspeed ACRY Driver

A double free vulnerability has been identified in the Linux kernel's crypto subsystem, specifically within the Aspeed ACRY driver. This issue arises from improper management of a clock resource obtained through 'devm_clk_get_enabled()'. While this clock is automatically handled by the device resource management system and freed when the driver is detached, the ACRY driver incorrectly calls 'clk_disable_unprepare()' during error handling and cleanup, leading to a double free condition. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability could lead to a double free condition, which may cause memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by loading the Aspeed ACRY driver and then triggering an error during the driver's initialization process. This will cause the driver to manually disable and unprepare the clock, which is not necessary and can lead to a double free. The same effect can be achieved by unloading the driver, which will also cause the clock to be freed, and then manually disabling it again.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.