Linux Kernel PRUSS Double Free Vulnerability in Clock Multiplexer Setup

Vulnerability

A double free vulnerability has been identified in the Linux kernel's PRUSS (Programmable Real-time Unit Subsystem) driver. The issue is in the 'pruss_clk_mux_setup()' function: on the error path, the 'devm_add_action_or_reset()' call indirectly invokes 'pruss_of_free_clk_provider()', which calls 'of_node_put(clk_mux_np)'. After 'devm_add_action_or_reset()' returns, 'of_node_put(clk_mux_np)' is erroneously called a second time, so the same device-tree node reference is released twice, leading to a double free condition. The vulnerability affects several versions of the Linux kernel.
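The double put described above, modeled in userspace C as an added example (not the kernel driver's code and not the upstream patch). The names 'struct node', 'node_put', 'add_action_or_reset', 'setup_buggy', 'setup_fixed' and 'count_excess_puts' are hypothetical stand-ins, and the corrected variant is an assumption about one way to avoid the second put.

```c
#include <stdio.h>

/* Constructed model: the node starts with the single reference held for clk_mux_np. */
struct node { int refcount; int excess_puts; };

/* Stand-in for of_node_put(); a put with no reference left is counted, not executed. */
static void node_put(struct node *n)
{
    if (n->refcount == 0) { n->excess_puts++; return; }
    n->refcount--;
}

/* Stand-in for pruss_of_free_clk_provider(): the cleanup action drops the node. */
static void free_clk_provider(void *data) { node_put(data); }

/* Stand-in for devm_add_action_or_reset(): on failure the action runs immediately. */
static int add_action_or_reset(int fail, void (*action)(void *), void *data)
{
    if (fail) { action(data); return -12; } /* models -ENOMEM */
    return 0; /* success: the action is deferred to device teardown */
}

/* Pattern from the description: the caller puts the node again after the helper failed. */
static int setup_buggy(struct node *n, int fail)
{
    int ret = add_action_or_reset(fail, free_clk_provider, n);
    if (ret)
        node_put(n); /* second put of the same reference */
    return ret;
}

/* Assumed correction: the helper owns the reference, so only propagate the error. */
static int setup_fixed(struct node *n, int fail)
{
    return add_action_or_reset(fail, free_clk_provider, n);
}

/* Runs one variant on a fresh node and returns the number of excess puts. */
static int count_excess_puts(int (*setup)(struct node *, int), int fail)
{
    struct node n = { 1, 0 };
    setup(&n, fail);
    return n.excess_puts;
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", count_excess_puts(setup_buggy, 1), count_excess_puts(setup_fixed, 1));
    return 0;
}
```

In the kernel, the excess put counted here would instead decrement a reference count that the caller no longer owns, which is what makes the node eligible for a premature or repeated free.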

Impact

Exploitation of this vulnerability can lead to memory corruption issues, potentially allowing for arbitrary code execution or causing a denial of service by crashing the system.

Reproduction

To reproduce this vulnerability, load a device tree that includes a PRUSS clock multiplexer. The 'pruss_clk_mux_setup()' function will be called, and if an error occurs, 'of_node_put(clk_mux_np)' will be called twice, creating a double free situation.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.

Added: May 6, 2026, 2:47 PM
Updated: May 6, 2026, 2:47 PM

Vulnerability Rating

Custom Algorithm
Spread: 9.0
Impact: 0.6
Exploitability: 4.3
Remediation: 7.7
Relevance: 7.6
Threat: 4.8
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.