Linux Kernel Counter Driver Improper Device Pointer Management Vulnerability

A vulnerability exists in the Linux kernel's handling of device pointers within the counter driver for the Renesas RZ/G2L MTU3a hardware. This issue arises because both the counter and PWM drivers assign their own device pointers to a shared channel structure, leading to a race condition. The counter driver may inadvertently perform runtime power management actions on the wrong device, depending on the order in which the drivers are probed. This vulnerability affects the Linux kernel stable tree.

Impact

This vulnerability can cause the counter driver to mismanage power operations, potentially leading to incorrect behavior of the hardware components involved.

Reproduction

The vulnerability can be reproduced by loading the counter and PWM drivers for the RZ/G2L MTU3a hardware. The order in which these drivers are loaded can be manipulated to create a race condition, where each driver overwrites the other's device pointer in the shared channel structure. Once this race condition is established, the counter driver can be observed performing power management actions on the incorrect device, demonstrating the vulnerability.

Remediation

The vulnerability has been addressed by modifying the counter driver to use the correct device pointer, thereby preventing the mismanagement of power operations. Users should apply the latest patches available in the Linux kernel stable tree to mitigate this issue.