Linux Kernel Wilc1000 Missing Netdev Unregister Vulnerability

A vulnerability in the Linux kernel's Wilc1000 wireless driver has been addressed. The issue arose because the function 'wilc_netdev_ifc_init()' failed to properly unregister the network device in its error handling path. This oversight can lead to a kernel bug, as reported by fault injection tests, where an invalid opcode is encountered, causing a crash. The problem was traced back to the failure of 'alloc_ordered_workqueue()', which left the network device registered without proper cleanup. The vulnerability has been fixed by adding the necessary unregister calls in the error handling path of the 'wilc_netdev_ifc_init()' function.

Impact

The vulnerability could cause a kernel crash due to an unhandled error, leading to a bug where an invalid opcode is executed, according to a fault injection test.

Reproduction

The vulnerability can be reproduced by loading the Wilc1000 driver and triggering a condition that causes 'alloc_ordered_workqueue()' to fail. This will result in the 'wilc_netdev_ifc_init()' function not properly unregistering the network device, leading to a kernel bug and crash.

Remediation

Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability.