Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A race in the Linux kernel's driver core has been fixed in the way the device lock is handled during driver matching. driver_match_device() was called from three places, but only the caller on the device-attach path held the device lock; bind_store() and __driver_attach() called it unlocked. A bus's match callback could therefore run without the device lock, even though the driver core relies on that lock to serialize updates to per-device state. For buses whose match callbacks consult the driver_override field this is a use-after-free: driver_set_override() publishes the new string and frees the old one under the device lock, so an unlocked match callback can still be reading the old string after it has been freed. The fix adds driver_match_device_locked(), which takes the device lock around the match callback, and switches the two unlocked callers in bind_store() and __driver_attach() to it. Stress testing of the updated paths showed no recurrence of the use-after-free and no lockdep warnings.
The vulnerability is a use-after-free in the driver core, which can corrupt kernel memory and, at worst, be turned into arbitrary code execution in kernel context. Reaching the racy path requires a write to a device's driver_override attribute concurrent with a driver match (for example a sysfs bind or a driver registration); by default both the driver_override and bind attributes are writable only by root, so the exposure is to privileged contexts that manage device binding rather than to unprivileged users.