CVE-2024-56700

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: wl128x: Fix atomicity violation in fmc_send_cmd()<br /> <br /> Atomicity violation occurs when the fmc_send_cmd() function is executed<br /> simultaneously with the modification of the fmdev-&gt;resp_skb value.<br /> Consider a scenario where, after passing the validity check within the<br /> function, a non-null fmdev-&gt;resp_skb variable is assigned a null value.<br /> This results in an invalid fmdev-&gt;resp_skb variable passing the validity<br /> check. As seen in the later part of the function, skb = fmdev-&gt;resp_skb;<br /> when the invalid fmdev-&gt;resp_skb passes the check, a null pointer<br /> dereference error may occur at line 478, evt_hdr = (void *)skb-&gt;data;<br /> <br /> To address this issue, it is recommended to include the validity check of<br /> fmdev-&gt;resp_skb within the locked section of the function. This<br /> modification ensures that the value of fmdev-&gt;resp_skb does not change<br /> during the validation process, thereby maintaining its validity.<br /> <br /> This possible bug is found by an experimental static analysis tool<br /> developed by our team. This tool analyzes the locking APIs<br /> to extract function pairs that can be concurrently executed, and then<br /> analyzes the instructions in the paired functions to identify possible<br /> concurrency bugs including data races and atomicity violations.