Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's RTC MSC313 driver, related to a function prototype mismatch in the 'msc313_rtc_probe()' function. This issue arises when Clang's kernel control flow integrity (kCFI) is enabled, as it validates indirect call targets against expected function pointer prototypes to prevent return-oriented programming (ROP) attacks. The 'msc313_rtc_probe()' function was incorrectly passing 'clk_disable_unprepare()' directly, leading to a mismatch with the prototype expected by 'devm_add_action_or_reset()'. The probe function has been refactored to use 'devm_clk_get_enabled()' instead. This vulnerability could cause a runtime failure, resulting in a kernel panic or termination of the offending thread.
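The type rule behind the mismatch described above can be shown with a small userspace model. This is an added example, not the driver's code or the upstream fix (which switches to 'devm_clk_get_enabled()'). It assumes a constructed 'struct clk' and hypothetical stand-ins 'model_add_action()', 'model_release()' and 'clk_disable_unprepare_action()'; the last is a trampoline whose type matches the callback pointer exactly, which is what a kCFI-instrumented indirect call requires.

```c
/* Constructed userspace model: struct clk and the model_* helpers are stand-ins, not kernel code. */
#include <stdio.h>

struct clk { int enable_count; };

/* Same parameter type as the kernel helper: a typed struct clk pointer. */
static void clk_disable_unprepare(struct clk *clk) { clk->enable_count--; }

/* Callback type expected by devm_add_action_or_reset(): void (*)(void *).
 * kCFI compares the callee's type against this at the indirect call. */
typedef void (*devm_action_t)(void *);
struct devm_slot { devm_action_t action; void *data; };

/* Hypothetical stand-in for devm_add_action_or_reset(): record the callback. */
static int model_add_action(struct devm_slot *slot, devm_action_t action, void *data)
{
    slot->action = action;
    slot->data = data;
    return 0;
}

/* Hypothetical stand-in for device teardown: the indirect call kCFI checks. */
static void model_release(struct devm_slot *slot) { slot->action(slot->data); }

/* A mismatched registration would look like this (kept as a comment on purpose):
 *   model_add_action(&slot, (devm_action_t)clk_disable_unprepare, &clk);
 * The cast hides the problem from the compiler, but the target's real type is
 * void (struct clk *), so the check at slot->action(...) fails under kCFI. */

/* Trampoline with the exact expected type void (void *). */
static void clk_disable_unprepare_action(void *data)
{
    clk_disable_unprepare((struct clk *)data);
}

/* Returns the enable count after register-then-release; 0 means balanced. */
static int probe_and_release(void)
{
    struct clk clk = { .enable_count = 1 };  /* as if the clock was just enabled */
    struct devm_slot slot;

    if (model_add_action(&slot, clk_disable_unprepare_action, &clk))
        return -1;
    model_release(&slot);
    return clk.enable_count;
}

int main(void) { printf("enable_count after release: %d\n", probe_and_release()); return 0; }
```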
Exploitation of this vulnerability leads to a runtime failure, which can cause a kernel panic or terminate the affected thread.
To reproduce this vulnerability, compile the Linux kernel with Clang, ensuring that kernel control flow integrity (kCFI) is enabled. Then, load the RTC MSC313 driver. The Clang compiler will generate a warning about the prototype mismatch, which can be observed in the kernel log. This mismatch can cause the 'msc313_rtc_probe()' function to fail at runtime, either by causing a kernel panic or by killing the thread running the probe.
The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.