Linux Kernel Uninitialized IRQ Freeing Vulnerability in DSA Microchip Driver

A vulnerability exists in the Linux kernel's DSA Microchip driver, where the function 'ksz_irq_free()' can be called on uninitialized IRQ structures. This issue arises if the 'ksz_ptp_irq_setup()' function fails during setup, leading to the accidental freeing of uninitialized IRQ numbers or domains. The vulnerability affects the stable version of the Linux kernel.

Impact

The vulnerability can cause undefined behavior by freeing uninitialized IRQ numbers and domains, potentially leading to incorrect interrupt handling or resource management.

Reproduction

The vulnerability can be reproduced by triggering a failure in the 'ksz_ptp_irq_setup()' function during the initialization of a device that uses the DSA Microchip driver. This failure can be simulated by introducing an error condition that prevents the function from completing successfully, which will result in the 'ksz_irq_free()' function being called on an uninitialized IRQ structure.

Remediation

The vulnerability has been addressed by modifying the error handling path to use 'dsa_switch_for_each_user_port_continue_reverse()', ensuring that only fully initialized ports are processed. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this vulnerability.