Linux Kernel Atmel QuadSPI SPI Controller Unbinding Vulnerability

A vulnerability in the Linux kernel's handling of the Atmel QuadSPI SPI controller has been addressed. The issue arose because an early error exit in the 'atmel_qspi_remove()' function did not prevent the device from unbinding. This oversight left the SPI controller with an unbound parent and unmapped register space, as the resource mapping was undone. Consequently, using the affected SPI controller could lead to a system error. The vulnerability affected several versions of the Linux kernel.

Impact

The vulnerability could cause a system error (oops) when using the affected SPI controller, due to the unbound parent and unmapped register space.

Reproduction

The vulnerability can be reproduced by using an Atmel QuadSPI SPI controller in a Linux kernel version that is affected by this issue. The 'atmel_qspi_remove()' function will exit early on a runtime resume failure, leaving the SPI controller unbound and with unmapped registers. This can be verified by attempting to use the SPI controller after it has been removed, which will likely result in a system error.

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version.