Linux Kernel Amlogic SPI Flash Controller ECC Engine Unregistration Vulnerability

A vulnerability exists in the Linux kernel's handling of the NAND ECC engine for the Amlogic SPI Flash Controller. The issue arises because the ECC engine is not properly unregistered during probe failures or device removal, which could lead to resource leaks or undefined behavior. The vulnerability affects the stable version of the Linux kernel.

Impact

The vulnerability could result in a resource leak by failing to properly unregister the ECC engine, potentially leading to memory being held unnecessarily or causing conflicts when the device is removed.

Reproduction

The vulnerability can be reproduced by probing a device that uses the Amlogic SPI Flash Controller. During the probe process, if the registration of the NAND ECC engine fails, the error handling does not properly clean up by unregistering the ECC engine. This failure to clean up can lead to residual effects when the device is removed, such as memory leaks or lingering references that could cause errors.

Remediation

The vulnerability has been addressed in the Linux kernel by adding a cleanup action that automatically unregisters the ECC engine during probe failures and when the device is removed. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.