Linux Kernel SPI Controller Deregistration Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's SPI (Serial Peripheral Interface) subsystem, specifically within the Freescale (FSL) SPI controller driver. The issue arises because the driver fails to properly deregister the SPI controller before releasing associated resources, such as Direct Memory Access (DMA), during the unbinding process. This flaw can potentially lead to resource leaks or undefined behavior.

Impact

The improper handling of controller deregistration can cause resource leaks or undefined behavior in the driver, which may disrupt normal operation or lead to resource exhaustion.

Reproduction

The vulnerability can be reproduced by loading the affected SPI driver and then unbinding it, for example by manually removing the driver from the kernel. During the unbind process, the driver releases DMA resources without first deregistering the SPI controller, creating a potential for resource leaks or other issues.
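
The ordering problem described above, as a simplified user-space C model added here for illustration (it is not kernel or driver code and does not come from the advisory or the kernel project). All struct and function names are hypothetical, and the transfer that arrives in the middle of the unbind is constructed.

```c
/* User-space model of unbind ordering; every name here is hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct model_ctlr {
    bool registered;     /* clients may queue transfers while true */
    unsigned char *dma;  /* stands in for DMA resources; NULL once released */
    int unsafe_hits;     /* transfers that found DMA already released */
};

/* A client transfer; refused cleanly once the controller is deregistered. */
static int model_transfer(struct model_ctlr *c)
{
    if (!c->registered)
        return -1;
    if (c->dma == NULL) {     /* a real driver would touch released state */
        c->unsafe_hits++;
        return -2;
    }
    c->dma[0] = 0xA5;
    return 0;
}

/* One unbind, with a constructed transfer arriving mid-teardown. */
static int run_unbind(bool deregister_first, int *unsafe_hits)
{
    unsigned char buf[16] = { 0 };
    struct model_ctlr c = { true, buf, 0 };
    int rc;
    if (deregister_first) {        /* corrected order */
        c.registered = false;
        rc = model_transfer(&c);
        c.dma = NULL;              /* release only after deregistration */
    } else {                       /* order described in the advisory */
        c.dma = NULL;              /* released while still registered */
        rc = model_transfer(&c);
        c.registered = false;
    }
    *unsafe_hits = c.unsafe_hits;
    return rc;
}

int main(void)
{
    int hits;
    printf("release first:    rc=%d\n", run_unbind(false, &hits));
    printf("deregister first: rc=%d\n", run_unbind(true, &hits));
    return 0;
}
```

In the release-first order the controller is still visible to clients when the DMA state is gone, so the transfer reaches released resources; in the deregister-first order the same transfer is rejected before any resource is touched.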

Remediation

Users can apply the latest patches from the Linux kernel stable tree to address this vulnerability. The patches are available in the Linux Git repository under the stable branch.

Added: May 28, 2026, 10:55 AM
Updated: May 28, 2026, 10:55 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 9.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.