Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's uacce driver related to the management of character device (cdev) resources. When the function cdev_device_add fails, it releases the associated cdev memory. If cdev_device_del is subsequently called, it can lead to a hang error. This issue arises because the cleanup process does not properly handle the failure case, creating a potential for resource management errors.
The vulnerability can cause a hang error in the system, disrupting normal operations by creating a deadlock situation where processes are unable to proceed.
To reproduce this issue, register a uacce device and simulate a failure in the cdev_device_add function. This will cause the cdev memory to be released. If cdev_device_del is then called during the cleanup process, it will result in a hang error, demonstrating the improper handling of the cdev resources.
The vulnerability has been addressed by modifying the uacce_register function to check the return value of cdev_device_add. If the addition fails, the cdev pointer is cleared to prevent cdev_device_del from being called during the removal process.
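The register/remove interaction described above, reduced to a userspace C model (an added example, not the kernel's uacce code). Every model_* name is a hypothetical stand-in, and the model assumes removal calls the delete step only when the cdev pointer is non-NULL.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: every model_* name is a hypothetical stand-in. */
struct model_cdev { bool released; };
struct model_uacce { struct model_cdev *cdev; };
static int stale_del_calls; /* del calls that hit an already released cdev */

/* Stand-in for cdev_device_add(): a failure releases the cdev (per the page). */
static int model_cdev_device_add(struct model_cdev *cdev, bool fail)
{
    cdev->released = fail;
    return fail ? -1 : 0;
}

/* Stand-in for cdev_device_del(): counts calls on a released cdev. */
static void model_cdev_device_del(struct model_cdev *cdev)
{
    if (cdev->released)
        stale_del_calls++; /* the case the page reports as a hang */
    cdev->released = true;
}

/* Registration; clear_on_failure selects the fixed behaviour. */
static int model_register(struct model_uacce *u, bool fail, bool clear_on_failure)
{
    int ret = model_cdev_device_add(u->cdev, fail);
    if (ret && clear_on_failure)
        u->cdev = NULL; /* removal now has nothing to delete */
    return ret;
}

/* Register, then remove (assumed to delete only a non-NULL cdev); returns stale del calls. */
static int model_register_then_remove(bool fail, bool clear_on_failure)
{
    struct model_cdev cdev = { .released = false };
    struct model_uacce u = { .cdev = &cdev };
    stale_del_calls = 0;
    (void)model_register(&u, fail, clear_on_failure);
    if (u.cdev)
        model_cdev_device_del(u.cdev);
    return stale_del_calls;
}

int main(void)
{
    printf("unfixed=%d fixed=%d\n", model_register_then_remove(true, false), model_register_then_remove(true, true));
    return 0;
}
```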