Linux Kernel Amlogic RTC Driver Double Free Vulnerability

Vulnerability

A double free vulnerability has been identified in the Amlogic RTC driver of the Linux kernel. This issue arises from improper management of a clock resource obtained through the devm_clk_get_enabled() function. The devm framework is designed to automatically handle the lifecycle of such resources, freeing them when the driver is detached. However, the driver currently includes manual calls to clk_disable_unprepare() in both the error handling and removal functions, leading to a double free situation. The vulnerability affects the Linux kernel stable tree.

Impact

Triggering this flaw releases the same clock resource twice, a double free condition that may be exploited to cause memory corruption.

Reproduction

The vulnerability can be reproduced by loading the Amlogic RTC driver in a scenario where an error occurs during the probe process. The driver then frees the same clock resource twice: once through its manual clk_disable_unprepare() call and once through the devm framework's automatic cleanup. The same erroneous clock handling occurs when the driver is removed, in aml_rtc_remove().

Remediation

The vulnerability has been addressed by removing the redundant clk_disable_unprepare() calls from the driver's probe error path and the aml_rtc_remove() function. Users should update to the latest version of the Linux kernel where this fix has been applied.
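The double release described above, as an added userspace model in C (not the driver's code and not part of the original advisory). toy_clk, toy_dev and the model_* functions are hypothetical stand-ins for the kernel clk and devres machinery, and the second release is only counted here instead of acting on real state.

```c
#include <stdio.h>

/* Userspace model only: toy_clk, toy_dev and the model_* helpers are
 * hypothetical stand-ins for the kernel clk and devres code. */
struct toy_clk { int enable_count; int unbalanced; };
struct toy_dev { struct toy_clk *managed; /* one devm-registered clock */ };

static void model_clk_disable_unprepare(struct toy_clk *c)
{
    if (c->enable_count == 0) { c->unbalanced++; return; } /* second release */
    c->enable_count--;
}

/* Models devm_clk_get_enabled(): enable now, queue the release for detach. */
static struct toy_clk *model_devm_clk_get_enabled(struct toy_dev *d,
                                                  struct toy_clk *c)
{
    c->enable_count++;
    d->managed = c;
    return c;
}

/* Models devres teardown, which runs after a failed probe and after remove. */
static void model_devres_release_all(struct toy_dev *d)
{
    if (d->managed)
        model_clk_disable_unprepare(d->managed);
    d->managed = NULL;
}

/* Probe whose later step fails. manual_cleanup=1 is the pattern the advisory
 * describes; manual_cleanup=0 is the corrected form. Returns the number of
 * unbalanced releases seen on the clock. */
int run_failed_probe(int manual_cleanup)
{
    struct toy_clk clk = {0, 0};
    struct toy_dev dev = {0};
    struct toy_clk *c = model_devm_clk_get_enabled(&dev, &clk);

    if (manual_cleanup)
        model_clk_disable_unprepare(c);   /* redundant manual release */
    model_devres_release_all(&dev);       /* framework releases it again */
    return clk.unbalanced;
}

int main(void)
{
    printf("manual + devm: %d unbalanced release(s)\n", run_failed_probe(1));
    printf("devm only:     %d unbalanced release(s)\n", run_failed_probe(0));
    return 0;
}
```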

Added: Jan 5, 2026, 10:34 AM
Updated: Jan 5, 2026, 10:34 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.