Linux Kernel ALSA ymfpci Device-Managed API Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability in the Linux kernel's ALSA ymfpci driver can cause a denial-of-service condition. The driver fails to manage device resources properly when the module is unloaded. Specifically, snd_card_ymfpci_remove() was removed in favor of device-managed APIs, but that conversion was not fully implemented. As a result, the driver does not release its allocated resources correctly, and unloading the module leads to a page fault: the system attempts to access a memory address that is no longer valid, causing a crash.

Impact

Exploitation of this vulnerability leads to a kernel crash, commonly referred to as an 'Oops' error, which can disrupt system operations and cause instability.

Reproduction

The vulnerability can be reproduced by loading the ALSA ymfpci module, then unloading it. The absence of a proper resource management call during the unload process triggers the error.
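
For triage, the crash described above can be picked out of a saved kernel log. The Python below is an added example, not part of this advisory or of the kernel: it splits a log into fault reports, keeps those that name the driver, and notes whether the kernel marked the module as being unloaded. The module name snd_ymfpci, the sample log and the function names inside it are assumptions constructed for illustration; a fault logged after the module is already gone may not name it and will not match.

```python
import re

MODULE = "snd_ymfpci"  # assumption: module name of the ymfpci driver in kernel logs
FAULT_START = re.compile(r"BUG: (?:unable to handle page fault|kernel NULL pointer dereference)")
TS_PREFIX = re.compile(r"^\[\s*\d+\.\d+\]\s*")  # dmesg timestamp prefix
END_TRACE = re.compile(r"---\[ end trace")

# Constructed sample log (not from a real system); addresses and symbols are made up.
SAMPLE_LOG = """\
[  101.000001] usb 1-1: new high-speed USB device number 2 using xhci_hcd
[  245.310112] BUG: unable to handle page fault for address: ffffffffc0a41000
[  245.310120] #PF: supervisor read access in kernel mode
[  245.310131] Oops: 0000 [#1] PREEMPT SMP
[  245.310140] RIP: 0010:constructed_fn+0x41/0xb0
[  245.310180] Modules linked in: snd_ymfpci(-) snd_ac97_codec snd_pcm
[  245.310190] ---[ end trace 0000000000000000 ]---
[  300.500000] BUG: kernel NULL pointer dereference, address: 0000000000000010
[  300.500010] RIP: 0010:other_fn+0x10/0x20 [other_mod]
[  300.500020] Modules linked in: other_mod snd_pcm
[  300.500030] ---[ end trace 0000000000000000 ]---
"""

def find_module_faults(log_text, module=MODULE):
    """Return the fault reports in a kernel log that name `module`."""
    # In "Modules linked in:", the kernel marks a module that is being unloaded
    # with "-" inside parentheses, after any taint letters, e.g. "snd_ymfpci(-)".
    going = re.compile(r"\b" + re.escape(module) + r"\([A-Z]*-\)")
    reports, cur = [], None
    for raw in log_text.splitlines():
        line = TS_PREFIX.sub("", raw)
        if FAULT_START.search(line):
            cur = {"fault": line, "rip": None, "named": False, "unloading": False}
            reports.append(cur)
        elif cur is None:
            continue  # not inside a fault report
        if line.startswith("RIP:") and cur["rip"] is None:
            cur["rip"] = line
        if module in line:
            cur["named"] = True
        if line.startswith("Modules linked in:") and going.search(line):
            cur["unloading"] = True
        if END_TRACE.search(line):
            cur = None  # report finished
    return [r for r in reports if r["named"]]

if __name__ == "__main__":
    for r in find_module_faults(SAMPLE_LOG):
        print(r["fault"], "| unloading:", r["unloading"], "|", r["rip"])
```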

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 30, 2025, 2:04 PM
Updated: Dec 30, 2025, 2:04 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.