"value":"In the Linux kernel, the following vulnerability has been resolved:\n\ni3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition\n\nIn the svc_i3c_master_probe function, &master->hj_work is bound with\nsvc_i3c_master_hj_work, &master->ibi_work is bound with\nsvc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the\nhj_work, svc_i3c_master_irq_handler can start the ibi_work.\n\nIf we remove the module which will call svc_i3c_master_remove to\nmake cleanup, it will free master->base through i3c_master_unregister\nwhile the work mentioned above will be used. The sequence of operations\nthat may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | svc_i3c_master_hj_work\nsvc_i3c_master_remove |\ni3c_master_unregister(&master->base)|\ndevice_unregister(&master->dev) |\ndevice_release |\n//free master->base |\n | i3c_master_do_daa(&master->base)\n | //use master->base\n\nFix it by ensuring that the work is canceled before proceeding with the\ncleanup in svc_i3c_master_remove."
"value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i3c: master: svc: Se corrige la vulnerabilidad de use after free en el controlador svc_i3c_master debido a la condici\u00f3n de ejecuci\u00f3n En la funci\u00f3n svc_i3c_master_probe, &master->hj_work est\u00e1 vinculado con svc_i3c_master_hj_work, &master->ibi_work est\u00e1 vinculado con svc_i3c_master_ibi_work. Y svc_i3c_master_ibi_work puede iniciar hj_work, svc_i3c_master_irq_handler puede iniciar ibi_work. Si eliminamos el m\u00f3dulo que llamar\u00e1 a svc_i3c_master_remove para realizar la limpieza, liberar\u00e1 master->base a trav\u00e9s de i3c_master_unregister mientras que el trabajo mencionado anteriormente se utilizar\u00e1. La secuencia de operaciones que pueden provocar un error de UAF es la siguiente: CPU0 CPU1 | Solucione el problema asegur\u00e1ndose de que el trabajo se cancele antes de continuar con la limpieza en svc_i3c_master_remove."
