Linux Kernel Hi846 Media Driver Runtime Power Management Reference Count Underflow Vulnerability

Vulnerability

A vulnerability in the Linux kernel's media subsystem, specifically within the Hi846 camera driver, has been addressed. The issue arose because the function 'pm_runtime_get_if_in_use()' could return a negative error code, such as -EAGAIN, particularly when resuming from system suspend. This led to a reference count underflow, as the subsequent 'pm_runtime_put()' call improperly decreased the reference count. The vulnerability has been fixed by modifying the driver to correctly handle the -EAGAIN error during the system resume process.

Impact

The vulnerability could cause a reference count underflow, potentially leading to memory management issues.

Reproduction

The vulnerability can be reproduced by using the Hi846 camera driver in the Linux kernel media subsystem. During a system resume from suspend, the 'pm_runtime_get_if_in_use()' function returns -EAGAIN, causing the following 'pm_runtime_put()' call to underflow the reference count. This behavior creates a vulnerability that can be exploited by manipulating the power management functions of the driver.
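
The unbalanced put described above can be shown with a small userspace model. This is an added example, not code from the Linux kernel or the Hi846 driver. The model_* and set_ctrl_* names are hypothetical, and the return values of the modelled get function follow this advisory's description.

```c
#include <errno.h>
#include <stdio.h>
/* Userspace model with hypothetical names; not kernel or hi846 driver code. */
struct model_dev {
    int usage_count;  /* runtime-PM usage counter */
    int rpm_enabled;  /* 0 while system resume has not re-enabled runtime PM */
};

/* Per the advisory: 1 = reference taken, 0 = not in use, -EAGAIN = no reference. */
static int model_get_if_in_use(struct model_dev *d)
{
    if (!d->rpm_enabled)
        return -EAGAIN;
    if (d->usage_count == 0)
        return 0;
    d->usage_count++;
    return 1;
}

static void model_put(struct model_dev *d) { d->usage_count--; } /* unchecked on purpose */

/* Flawed pattern: only 0 is treated as "no reference held". */
void set_ctrl_flawed(struct model_dev *d)
{
    if (!model_get_if_in_use(d))
        return;
    model_put(d);  /* also reached after -EAGAIN: unbalanced put */
}

/* Corrected pattern: <= 0 (not in use, or an error) means nothing to drop. */
void set_ctrl_fixed(struct model_dev *d)
{
    if (model_get_if_in_use(d) <= 0)
        return;
    model_put(d);
}

int usage_after(void (*fn)(struct model_dev *), int rpm_enabled, int start)
{
    struct model_dev d = { .usage_count = start, .rpm_enabled = rpm_enabled };
    fn(&d);
    return d.usage_count;
}

int main(void)
{
    printf("during resume: flawed=%d fixed=%d\n",
           usage_after(set_ctrl_flawed, 0, 0), usage_after(set_ctrl_fixed, 0, 0));
    return 0;
}
```

The corrected handler in this model treats every negative return the same way as -EAGAIN, which is a generalisation of the fix the advisory describes.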

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Sep 15, 2025, 3:04 PM
Updated: Sep 15, 2025, 9:01 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.