Linux Kernel mISDN hfcpci Module Uninitialized Timer Deletion Warning Vulnerability

A warning related to the deletion of an uninitialized timer has been addressed in the Linux kernel mISDN hfcpci module. When the hfcpci module is unloaded with the CONFIG_DEBUG_OBJECTS_TIMERS option enabled, it triggers a warning about a timer object that was not properly initialized. This issue arises because the module attempts to delete a timer that has not been set up correctly, leading to a debug object assertion failure. The vulnerability is present in the Linux kernel versions through 6.17.0-rc2.

Impact

The vulnerability could lead to a warning being generated during the module unload process, indicating a debug object assertion failure due to the improper handling of a timer object.

Reproduction

To reproduce this issue, load the mISDN hfcpci module into the Linux kernel with the CONFIG_DEBUG_OBJECTS_TIMERS option enabled. After the module is loaded, unload it using the 'rmmod' command. This process will generate a warning about the deletion of an uninitialized timer, indicating that the module did not properly initialize the timer before attempting to remove it.

Remediation

The vulnerability has been fixed by properly initializing the timer using the DEFINE_TIMER macro and by using the mod_timer function to update the timer's expiration, instead of manually managing the timeout.