Linux Kernel FSL QSPI Driver Use-After-Free Vulnerability Leading to Kernel Panic

Vulnerability

A vulnerability in the Linux kernel's FSL QSPI driver can cause a kernel panic on i.MX8MQ devices. The issue arises because the driver improperly manages resources by not using the 'devm' functions for clock, interrupt, and other resources. Instead, it relies on a legacy remove function that is called during device detachment, leading to a use-after-free condition. This mismanagement can be exploited by unbinding the SPI controller, causing the kernel to panic.

Impact

Exploitation of this vulnerability triggers a kernel panic, causing a denial of service on the affected system.

Reproduction

To reproduce this vulnerability, unbind the FSL QSPI driver from the SPI controller on an i.MX8MQ device. This can be done by echoing the address of the SPI controller into the unbind file of the FSL QSPI driver. The improper resource management will then cause the kernel to panic.

Remediation

The driver should be updated to use 'devm_add_action_or_reset()' for cleanup, ensuring that resources are properly managed and released.
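The ordering behind this fix, as an added example: a userspace model, not kernel code and not the driver's own source. The driver core calls a driver's remove callback before it releases managed (devres) entries, and releases those entries in reverse registration order. All names here are hypothetical, and the model assumes the controller teardown is a managed entry that still needs the clock and interrupt resources.

```c
/* Userspace model of unbind ordering; not kernel code (names are hypothetical). */
#include <stdio.h>

struct dev_model;
typedef void (*release_fn)(struct dev_model *);
struct dev_model {
    release_fn devres[4]; /* managed release callbacks, in registration order */
    int n;
    int res_live;         /* 1 while clock/IRQ resources are still held */
    int stale_uses;       /* accesses made after those resources were released */
};

/* Stand-in for devm_add_action_or_reset(): queue a managed callback. */
static void devm_add(struct dev_model *d, release_fn fn) { d->devres[d->n++] = fn; }
/* Driver cleanup: releases the resources the controller depends on. */
static void hw_cleanup(struct dev_model *d) { d->res_live = 0; }
/* Managed controller teardown (assumed): counts a use after release. */
static void controller_unregister(struct dev_model *d) { d->stale_uses += !d->res_live; }

/* Unbind: the remove callback runs first, then devres in reverse order. */
static int unbind(struct dev_model *d, release_fn legacy_remove)
{
    if (legacy_remove)
        legacy_remove(d);
    while (d->n > 0)
        d->devres[--d->n](d);
    return d->stale_uses;
}

int legacy_layout(void)   /* cleanup lives in the remove callback */
{
    struct dev_model d = { .res_live = 1 };
    devm_add(&d, controller_unregister);
    return unbind(&d, hw_cleanup);
}

int devm_layout(void)     /* cleanup queued first, so it is released last */
{
    struct dev_model d = { .res_live = 1 };
    devm_add(&d, hw_cleanup);
    devm_add(&d, controller_unregister);
    return unbind(&d, NULL);
}

int main(void)
{
    printf("legacy: %d, devm action: %d stale use(s)\n", legacy_layout(), devm_layout());
    return 0;
}
```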

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.