Linux Kernel Double Free Vulnerability in ASoC SMA1307 Codec

Vulnerability

A double free vulnerability has been identified in the Linux kernel's ASoC SMA1307 codec driver. The driver improperly manages memory allocated with devm_kzalloc(), a function that returns device-managed memory. In the sma1307_setting_loaded() function, a manual cleanup of the mode_set entries calls kfree() on them instead of leaving the release to the device resource management system. The same memory is then released twice, which can cause instability or security issues.

Impact

Exploitation of this vulnerability can lead to a double free condition, where the same memory is freed multiple times. This can cause memory corruption, potentially allowing for arbitrary code execution or other unintended behavior in the system.

Reproduction

The vulnerability can be reproduced by triggering the sma1307_setting_loaded() function in the ASoC SMA1307 codec driver. This can be done by simulating a scenario where the function is called and a memory allocation failure occurs, causing the error handling path to activate. The improper memory management will then lead to a double free condition when the device resource management system attempts to clean up the same memory that was manually freed earlier.

Remediation

The vulnerability has been addressed by modifying the error handling in the sma1307_setting_loaded() function. The manual kfree() loop has been removed, allowing the device resource management system to properly handle the cleanup of allocated resources. Users should update to the latest version of the Linux kernel where this fix has been applied.
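The following user-space model is an added illustration, not the driver's code or the upstream patch. It counts how often each mode_set entry is released on the failing path, with and without the manual loop. All model_* names, the entry count and the failing index are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>

#define MAX_RES 8
/* Constructed stand-in for a device and its devres list. */
struct model_dev { void *res[MAX_RES]; int releases[MAX_RES]; int nres; };
/* Models devm_kzalloc(): allocate and register the pointer with the device. */
static void *model_devm_kzalloc(struct model_dev *d, size_t n, int fail) {
    void *p = (fail || d->nres == MAX_RES) ? NULL : calloc(1, n);
    if (p) d->res[d->nres++] = p;
    return p;
}
/* Models kfree(): only counts the release, so the model never really double frees. */
static void model_kfree(struct model_dev *d, void *p) {
    for (int i = 0; i < d->nres; i++)
        if (d->res[i] == p)
            d->releases[i]++;
}
/* Models devres teardown: releases every registered pointer once more. */
static int model_devres_release_all(struct model_dev *d) {
    int worst = 0;
    for (int i = 0; i < d->nres; i++) {
        if (++d->releases[i] > worst) worst = d->releases[i];
        free(d->res[i]);
    }
    return worst; /* highest release count seen for any pointer */
}
/* Model loader: allocation number fail_at fails; manual != 0 is the pre-fix path. */
static int model_setting_loaded(struct model_dev *d, int count, int fail_at, int manual) {
    void *mode_set[MAX_RES] = { 0 };
    for (int i = 0; i < count && i < MAX_RES; i++) {
        mode_set[i] = model_devm_kzalloc(d, 64, i == fail_at);
        if (mode_set[i]) continue;
        for (int j = 0; manual && j < i; j++) /* manual cleanup of earlier entries */
            model_kfree(d, mode_set[j]);
        return -1; /* stands in for -ENOMEM */
    }
    return 0;
}
/* Highest release count for any entry: 2 means a double free, 1 is correct. */
int max_releases(int manual) {
    struct model_dev d = { 0 };
    model_setting_loaded(&d, 4, 2, manual);
    return model_devres_release_all(&d);
}
int main(void) {
    printf("manual kfree loop: %d, devres only: %d\n", max_releases(1), max_releases(0));
    return 0;
}
```

A release count of 2 corresponds to the double free described above; with the manual loop removed, every entry is released exactly once by the device-managed cleanup.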

Added: Apr 22, 2026, 3:21 PM
Updated: Apr 22, 2026, 3:21 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 1.9
exploitability: 4.3
remediation: 7.7
relevance: 6.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.