Linux Kernel SPI Controller Deregistration Vulnerability in RSPI Driver

A vulnerability exists in the Linux kernel's SPI RSPI driver, specifically in the handling of controller deregistration during the unbinding of the driver. The issue arises because the controller is not properly deregistered before releasing essential resources such as DMA, which can lead to resource management problems. This vulnerability affects the Linux kernel stable tree, particularly versions through 3.14.

Impact

The vulnerability can cause improper resource management by failing to deregister the SPI controller before releasing DMA resources, potentially leading to resource leaks or conflicts.

Reproduction

To reproduce this vulnerability, load the RSPI SPI controller driver in a version of the Linux kernel prior to 3.14. When the driver is unbound, the controller will not be properly deregistered before the DMA resources are released, creating a mismatch in resource management.

Remediation

Users can upgrade to a version of the Linux kernel that includes the commit fixing this vulnerability. The patch is available in the Linux kernel stable tree.