Linux Kernel Rocket Driver Unwinding Error Path Vulnerability

A vulnerability in the Linux kernel's rocket driver can lead to out-of-bounds accesses. This issue arises because the error handling path in the 'rocket_probe' function does not properly unwind when 'rocket_core_init' fails. The failure can occur with 'EPROBE_DEFER', and if not handled correctly, it can cause memory access violations. The vulnerability affects the Linux kernel stable tree.

Impact

Improper error handling in the rocket driver can lead to out-of-bounds memory accesses, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by probing a platform device with the rocket driver. If the 'rocket_core_init' function fails, the error handling will not correctly decrement the core counter or remove the rocket DRM device, leading to an out-of-bounds access.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.