CVE-2023-54044

In the Linux kernel, the following vulnerability has been resolved:

spmi: Add a check for remove callback when removing a SPMI driver

When removing a SPMI driver, there can be a crash due to NULL pointer
dereference if it does not have a remove callback defined. This is
one such call trace observed when removing the QCOM SPMI PMIC driver:

 dump_backtrace.cfi_jt+0x0/0x8
 dump_stack_lvl+0xd8/0x16c
 panic+0x188/0x498
 __cfi_slowpath+0x0/0x214
 __cfi_slowpath+0x1dc/0x214
 spmi_drv_remove+0x16c/0x1e0
 device_release_driver_internal+0x468/0x79c
 driver_detach+0x11c/0x1a0
 bus_remove_driver+0xc4/0x124
 driver_unregister+0x58/0x84
 cleanup_module+0x1c/0xc24 [qcom_spmi_pmic]
 __do_sys_delete_module+0x3ec/0x53c
 __arm64_sys_delete_module+0x18/0x28
 el0_svc_common+0xdc/0x294
 el0_svc+0x38/0x9c
 el0_sync_handler+0x8c/0xf0
 el0_sync+0x1b4/0x1c0

If a driver has all its resources allocated through devm_() APIs and
does not need any other explicit cleanup, it would not require a
remove callback to be defined. Hence, add a check for remove callback
presence before calling it when removing a SPMI driver.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.247-1
fixed
bookworm
6.1.148-1
fixed
bookworm (security)
6.1.158-1
fixed
trixie
6.12.57-1
fixed
trixie (security)
6.12.48-1
fixed
forky
6.17.12-1
fixed
sid
6.17.13-1
fixed
References
https://git.kernel.org/stable/c/0f3ef30c1c05502f5de3b73b3715d5994845c1b4
https://git.kernel.org/stable/c/428cc252701d6864151f3a296ffc23e1e49a7408
https://git.kernel.org/stable/c/54dda732225555dc6d660e95793c54a0a44b612c
https://git.kernel.org/stable/c/699949219e35fe29fd42ccf8cd92c989c3d15109
https://git.kernel.org/stable/c/af763c29b9e7040fedd0077bca053b101438a3a4
https://git.kernel.org/stable/c/b56eef3e16d888883fefab47425036de80dd38fc
https://git.kernel.org/stable/c/b95a69214daea4aab1c8bad96571d988a62e2c97
https://git.kernel.org/stable/c/c45ab3ab9c371c9ac22bbe1217e5abb2e55a3d4b
https://git.kernel.org/stable/c/ee0b6146317a98bfec848d7bde5586beb245a38f