Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability has been identified in the Linux kernel's FEC (Fast Ethernet Controller) driver, in its handling of device removal. When pm_runtime_get() fails, the removal callback erroneously returns an error. The driver core ignores that error and removes the device anyway, which leaves a resource leak. The issue is made worse by the premature release of resources managed by the device's driver: if a driver callback is invoked later, it can crash, because the register mapping it needs has already been removed.
This vulnerability can cause a resource leak and potentially lead to a system crash by disrupting the driver's register mapping, which is crucial for its operation.
The vulnerability can be reproduced by removing a device using the FEC driver while the pm_runtime_get() function fails. This can be simulated by creating a scenario where the device's runtime management indicates an error, causing the removal process to mishandle the device's resources.
Users can update to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for downloading the patched version are available on the Linux kernel's official website.
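The failure path described above, as an added userspace model in C (not kernel code and not the upstream patch): the early-return removal callback beside a variant that always tears down. All names are hypothetical, and the "always tear down" variant is an assumption about the general shape of a fix, not taken from this page.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; every name here is hypothetical, not a kernel symbol. */
struct model_dev {
    bool regs_mapped;       /* managed register mapping, released by the core */
    bool netdev_registered; /* resource the remove callback must release itself */
    bool pm_get_fails;      /* constructed fault: the runtime PM get fails */
};
enum outcome { CLEAN, LEAK_AND_STALE_CALLBACK };

static int model_pm_get(const struct model_dev *d) { return d->pm_get_fails ? -1 : 0; }

/* Pattern from the description: return early when the PM get fails. */
static int remove_early_return(struct model_dev *d)
{
    int ret = model_pm_get(d);
    if (ret < 0)
        return ret;               /* teardown skipped, error goes nowhere */
    d->netdev_registered = false;
    return 0;
}

/* Hardened pattern (assumed): always tear down, gate only hardware access. */
static int remove_always_teardown(struct model_dev *d)
{
    bool powered = model_pm_get(d) == 0;
    d->netdev_registered = false; /* no callback can run after this point */
    (void)powered;                /* register writes would be gated on this */
    return 0;
}

/* Model of the driver core: ignores the return value, then frees managed resources. */
static enum outcome core_unbind(struct model_dev *d, int (*remove)(struct model_dev *))
{
    (void)remove(d);
    d->regs_mapped = false;
    /* A still-registered interface with no mapping is the leak plus crash risk. */
    return (d->netdev_registered && !d->regs_mapped) ? LEAK_AND_STALE_CALLBACK : CLEAN;
}

static enum outcome run_case(bool pm_get_fails, bool hardened)
{
    struct model_dev d = { true, true, pm_get_fails };
    return core_unbind(&d, hardened ? remove_always_teardown : remove_early_return);
}

int main(void)
{
    printf("early return: %d, always teardown: %d\n", run_case(true, false), run_case(true, true));
    return 0;
}
```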