"value":"In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition\n\nIn the cdns_i3c_master_probe function, &master->hj_work is bound with\ncdns_i3c_master_hj. And cdns_i3c_master_interrupt can call\ncnds_i3c_master_demux_ibis function to start the work.\n\nIf we remove the module which will call cdns_i3c_master_remove to\nmake cleanup, it will free master->base through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | cdns_i3c_master_hj\ncdns_i3c_master_remove |\ni3c_master_unregister(&master->base) |\ndevice_unregister(&master->dev) |\ndevice_release |\n//free master->base |\n | i3c_master_do_daa(&master->base)\n | //use master->base\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in cdns_i3c_master_remove."
"value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i3c: master: cdns: Arreglar la vulnerabilidad de use after free en el controlador cdns_i3c_master debido a la condici\u00f3n de ejecuci\u00f3n En la funci\u00f3n cdns_i3c_master_probe, &master->hj_work est\u00e1 vinculado con cdns_i3c_master_hj. Y cdns_i3c_master_interrupt puede llamar a la funci\u00f3n cnds_i3c_master_demux_ibis para iniciar el trabajo. Si eliminamos el m\u00f3dulo que llamar\u00e1 a cdns_i3c_master_remove para realizar la limpieza, liberar\u00e1 master->base a trav\u00e9s de i3c_master_unregister mientras se usar\u00e1 el trabajo mencionado anteriormente. La secuencia de operaciones que pueden provocar un error de UAF es la siguiente: CPU0 CPU1 | cdns_i3c_master_hj cdns_i3c_master_remove | Corr\u00edjalo asegur\u00e1ndose de que el trabajo se cancele antes de continuar con la limpieza en cdns_i3c_master_remove."
