2025-05-29 13:15:54
Linux
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In lookup_or_create_module_kobject(), an internal kobject is created using module_ktype. So call to kobject_put() on error handling path causes an attempt to use an uninitialized completion pointer in module_kobject_release(). In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether complete() is actually required makes kobject_put() safe.