Linux Kernel Marvell CN10K Hotplug Callback Leak Vulnerability in Performance Driver

A vulnerability exists in the Linux kernel's performance driver for Marvell CN10K processors, specifically in the 'tad_pmu_init' function. This vulnerability arises because 'tad_pmu_init' fails to remove a hotplug callback when the 'platform_driver_register' function encounters an error. As a result, the callback remains registered, leading to a potential callback leak. The issue has been addressed by modifying 'tad_pmu_init' to remove the callback in the event of a registration failure, similar to the correction made for 'arm_ccn_init' in a previous commit.

Impact

The vulnerability could lead to a hotplug callback leak, where a callback remains registered even after a failure in the initialization process, potentially causing instability or unexpected behavior in the system's performance management.

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. The specific commit that resolves the issue can be downloaded as a tarball.