Linux Kernel SCSI Error Handling Vulnerability in hwmon Drive Temperature Driver

Vulnerability

A vulnerability in the Linux kernel's hwmon (drivetemp) driver has been addressed. The driver mishandled the return value of 'scsi_execute_cmd()', which can be either a negative Linux error code or a positive SCSI command result code. The driver passed positive codes directly to the hwmon core, which interprets only negative codes as errors. As a result, hwmon displayed uninitialized data to userspace when SCSI errors occurred, such as when a disk drive was disconnected. The patch treats positive codes as SCSI errors and returns a negative error code instead, ensuring proper data handling.
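The return-code mismatch described above, as an added userspace model (not the kernel driver's code and not the actual patch). All function names, the STALE_MARKER sentinel standing in for uninitialized memory, the sample SCSI result value and the choice of -EIO are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#define STALE_MARKER (-9999L)      /* stands in for uninitialized memory */
#define SCSI_RESULT_FAIL 0x70000   /* constructed positive SCSI result value */

/* Stand-in for scsi_execute_cmd(): 0 = success, <0 = errno, >0 = SCSI result. */
static int model_scsi_cmd(int outcome, unsigned char *buf)
{
    if (outcome == 0)
        buf[0] = 35;               /* constructed reading, degrees C */
    return outcome;
}

/* Pre-fix pattern: the command's return value is passed up unchanged. */
static int read_temp_unfixed(int outcome, long *val)
{
    unsigned char buf[1] = {0};
    int err = model_scsi_cmd(outcome, buf);
    if (err)
        return err;                /* a positive SCSI result leaks upward */
    *val = buf[0] * 1000L;         /* millidegrees, set only on success */
    return 0;
}

/* Post-fix pattern: a positive result is converted to a negative errno. */
static int read_temp_fixed(int outcome, long *val)
{
    int err = read_temp_unfixed(outcome, val);
    return err > 0 ? -EIO : err;   /* -EIO is this example's choice */
}

/* Model of the hwmon core: only a negative return is treated as an error. */
static int core_show(int (*rd)(int, long *), int outcome, long *shown)
{
    long val = STALE_MARKER;
    int ret = rd(outcome, &val);
    if (ret < 0)
        return ret;                /* error reaches userspace, no value shown */
    *shown = val;                  /* value reported to userspace */
    return 0;
}
int main(void)
{
    long a = 0, b = 0;
    int ra = core_show(read_temp_unfixed, SCSI_RESULT_FAIL, &a);
    int rb = core_show(read_temp_fixed, SCSI_RESULT_FAIL, &b);
    printf("unfixed: ret=%d shown=%ld\nfixed:   ret=%d shown=%ld\n", ra, a, rb, b);
    return 0;
}
```

With the unfixed reader the modelled core reports success and shows the stale marker; with the fixed reader it returns an error and shows nothing.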

Impact

The vulnerability could cause the hwmon driver to report incorrect data to userspace, potentially leading to misinformed decisions based on faulty temperature readings.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.0
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.