Linux Kernel PM Runtime Error Handling Vulnerability in IIO Gyroscope Driver

A vulnerability has been identified in the Linux kernel's IIO gyroscope driver for the MPU-3050 sensor. The issue arises because the driver does not properly check the return value of the 'pm_runtime_get_sync()' function. This oversight can lead the driver to access hardware that may not have successfully resumed, potentially causing malfunctions. Additionally, the device's usage count is always incremented, regardless of whether the operation was successful. To address this, the driver should use 'pm_runtime_resume_and_get()', which correctly handles errors and prevents unnecessary increments of the usage count. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could lead to improper handling of device power management, allowing the driver to interact with hardware that may not be ready, potentially causing errors or undefined behavior.

Reproduction

The vulnerability can be reproduced by using the affected IIO gyroscope driver with an MPU-3050 sensor. The driver will fail to check if the device has properly resumed before attempting to read data, which can lead to accessing the sensor while it is not ready, causing incorrect readings or errors.

Remediation

Users can update to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for updating the kernel can be found in the official Linux documentation.