Linux Kernel USB Device Driver Pre-Initialization Error Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's USB device driver within the 'most' subsystem. The issue arises in the 'hdm_probe' function, where the error handling path can prematurely free a device structure before it has been properly initialized. This flaw leads to a warning from the device core and attempts to release an uninitialized object, potentially causing memory management issues. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a device core warning and improper memory management by attempting to release an uninitialized kobject, which could lead to undefined behavior or memory corruption.

Reproduction

The vulnerability can be reproduced by triggering the 'hdm_probe' function in the USB device driver for the 'most' subsystem. This can be done by loading a USB device that uses this driver before the device has been fully initialized. The error handling path will then jump to a point where the device is not ready, causing the warning and mishandling of the memory.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that fixes this issue is available in the Linux kernel stable tree.
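The error-path ordering described above, as an added example that is not the kernel's or the driver's code: a userspace C model in which a failure before initialization either drops a reference on the uninitialized object (the flawed path) or only frees the allocation. Every name in it is hypothetical, and the corrected layout is an assumption about the general pattern, not the contents of the fixing commit.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model, not kernel code: every name here is hypothetical. */
struct model_dev { bool initialized; int refcount; };
enum fail_at { FAIL_NONE, FAIL_EARLY, FAIL_LATE };
static int warnings;                /* puts seen on a never-initialized object */
static void model_dev_init(struct model_dev *d) { d->initialized = true; d->refcount = 1; }
static void model_dev_put(struct model_dev *d)  /* the last put releases the object */
{
    if (!d->initialized)
        warnings++;                 /* stands in for the device core warning */
    else if (--d->refcount > 0)
        return;
    free(d);                        /* the model reclaims memory either way */
}

/* One probe attempt: 0 on success, -1 on failure. 'fixed' picks the error path. */
static int model_probe(enum fail_at fail, bool fixed)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (!d || (fail == FAIL_EARLY && fixed))
        goto err_free;              /* nothing initialized yet: plain free */
    if (fail == FAIL_EARLY)
        goto err_put;               /* flawed: put on an uninitialized object */
    model_dev_init(d);
    if (fail == FAIL_LATE)
        goto err_put;               /* initialized: dropping the reference is right */
    model_dev_put(d);               /* model only: tear down at once on success */
    return 0;
err_put:
    model_dev_put(d);
    return -1;
err_free:
    free(d);                        /* free(NULL) is a no-op */
    return -1;
}

static int probe_warnings(enum fail_at fail, bool fixed)  /* warnings from one attempt */
{
    warnings = 0;
    model_probe(fail, fixed);
    return warnings;
}

int main(void)
{
    printf("flawed=%d fixed=%d\n", probe_warnings(FAIL_EARLY, false), probe_warnings(FAIL_EARLY, true));
    return 0;
}
```

Only the early failure with the flawed layout records a warning; a failure after initialization is handled identically by both layouts.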

Added: Dec 16, 2025, 3:39 PM
Updated: Dec 16, 2025, 3:39 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.