HID: amd_sfh: free driver_data after destroying hid device
CVE-2024-46746

7.8 HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 18 September 2024

What is CVE-2024-46746?

A memory management vulnerability has been identified in the Linux kernel involving improper handling of driver_data in the AMD SFH HID driver. The issue arises when the 'hid_destroy_device()' function is called without ensuring that associated driver_data is freed. Consequently, the driver_data remains accessible, leading to potential read-after-free conditions. This was observed in kernel version 6.10.0 on specific AMD devices, including systems utilizing Synaptics TrackPoint technology. The vulnerability can result in crashes and stability issues during driver operations, particularly when debugging memory allocation with KASAN. Users and developers running affected versions of the Linux kernel should apply the relevant security patches and updates as soon as they are available.

Affected Version(s)

Linux 4f567b9f8141a86c7d878fadf136e5d1408e3e61 < 86b4f5cf91ca03c08e3822ac89476a677a780bcc

Linux 4f567b9f8141a86c7d878fadf136e5d1408e3e61 < 775125c7fe38533aaa4b20769f5b5e62cc1170a0

Linux 4f567b9f8141a86c7d878fadf136e5d1408e3e61 < 60dc4ee0428d70bcbb41436b6729d29f1cbdfb89

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
