Linux Kernel HDMI CEC Adapter Unregistration Vulnerability in ADV7511 Bridge Driver

Vulnerability

A use-after-free vulnerability has been identified in the Linux kernel's HDMI CEC (Consumer Electronics Control) adapter management within the ADV7511 bridge driver. It arises when the CEC adapter is unregistered without properly handling the associated I2C device, which leads to a kernel oops. The vulnerability is present in the Linux kernel stable tree.

Impact

The vulnerability can cause a kernel oops, which indicates a serious fault in the kernel's memory management, and it can potentially be exploited to cause a denial of service by crashing the system.

Reproduction

To reproduce this vulnerability, load the ADV7511 bridge module, which adds HDMI CEC support. After the module is loaded, the CEC adapter is assigned a physical address. Then remove the ADV7511 module manually. On removal the CEC adapter is unregistered, but the corresponding I2C CEC device is not properly handled and the necessary cleanup of that device does not take place. This sequence leads to a use-after-free condition and a kernel oops.

Remediation

The vulnerability has been addressed in subsequent commits by modifying the ADV7511 bridge driver's unregistration process. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
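
To help decide which hosts need the patched kernel first, the following added example (not part of the original advisory or of the kernel project) classifies whether the ADV7511 CEC code path is present on a system. It assumes the mainline Kconfig symbols CONFIG_DRM_I2C_ADV7511 and CONFIG_DRM_I2C_ADV7511_CEC and the module name adv7511; the function names are hypothetical. It reports whether the affected code is built and loaded, not whether the fix has been applied.

```shell
#!/bin/sh
# Added example: classify exposure to the ADV7511 CEC teardown path.
# Inputs are file paths so the logic can be run on saved or constructed
# copies of a kernel config and a /proc/modules snapshot.

# Print the value of a Kconfig symbol ("y" or "m"), or "n" when it is
# unset or absent. $1 = symbol name, $2 = plain-text kernel config file.
kconfig_value() (
    v=$(sed -n "s/^$1=\([ym]\)\$/\1/p" "$2" | head -n 1)
    printf '%s\n' "${v:-n}"
)

# Succeed when the module is listed in a /proc/modules-format file.
# Only the first column is compared, so "cec ... adv7511," (adv7511
# listed as a user of another module) does not count as a match.
module_loaded() (
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
)

# Print one of: driver-not-built, cec-not-built, built-in,
# module-loaded, module-not-loaded.
# $1 = kernel config file, $2 = /proc/modules snapshot.
adv7511_cec_exposure() (
    drv=$(kconfig_value CONFIG_DRM_I2C_ADV7511 "$1")
    cec=$(kconfig_value CONFIG_DRM_I2C_ADV7511_CEC "$1")
    if [ "$drv" = n ]; then
        echo "driver-not-built"      # bridge driver absent from this kernel
    elif [ "$cec" != y ]; then
        echo "cec-not-built"         # driver present, CEC support compiled out
    elif [ "$drv" = y ]; then
        echo "built-in"              # no loadable module to remove
    elif module_loaded adv7511 "$2"; then
        echo "module-loaded"         # removal path described above is reachable
    else
        echo "module-not-loaded"     # affected code on disk, not in memory
    fi
)

# Live use (config location is an assumption; it varies by distribution):
#   adv7511_cec_exposure "/boot/config-$(uname -r)" /proc/modules
```

Hosts reporting module-loaded are the ones where the removal sequence from the Reproduction section applies directly, so they are the natural first candidates for the updated kernel.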

Added: Sep 18, 2025, 5:30 PM
Updated: Sep 18, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.