Linux Kernel Stratix10 SVC Driver Controller Data Handling Vulnerability Causes Kernel Panic

A vulnerability in the Linux kernel's Stratix10 SVC driver has been addressed. The issue arose from the improper use of platform_set_drvdata and dev_set_drvdata, which both handled the same data and inadvertently overwrote each other. This conflict caused the removal of the SVC driver to fail, leading to a kernel panic as it attempted to stop a kernel thread and free a FIFO buffer. The vulnerability affects Linux kernel versions 6.6 and later.

Impact

The flawed data handling in the SVC driver could disrupt normal operations, causing a kernel panic that halts system processes and frees associated resources, potentially leading to system instability.

Reproduction

The vulnerability can be reproduced by loading the Stratix10 SVC driver, which incorrectly manages controller data. When the driver is removed, the conflict in data handling causes a kernel panic, disrupting system processes and resource management.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for updating the kernel can be found in the official Linux kernel documentation.