CVE-2022-50820

Vulnerability

Description The vulnerability is a hotplug callback leak in the arm_dmc620 Performance Monitoring Unit (PMU) driver in the Linux kernel. In the function dmc620_pmu_init(), a hotplug callback is registered using cpuhp_setup_state_multi(). However, if platform_driver_register() subsequently fails, the callback is not removed, leading to a resource leak.

Exploitation

An attacker would need to trigger a failure in platform_driver_register() after the hotplug callback has been set up. This could occur due to memory pressure, hardware configuration issues, or other error conditions during driver initialization. No authentication or special privileges are required beyond the ability to interact with the system in a way that causes the driver initialization to fail.

Impact

If the callback is not removed, it remains registered with the CPU hotplug subsystem. This could lead to resource exhaustion, as multiple failed initialization attempts would accumulate callback entries. Additionally, the stale callback may cause undefined behavior or system instability if invoked after the driver state is corrupted.

Mitigation

The fix is implemented in the Linux kernel commit referenced below. The commit adds a call to cpuhp_remove_multi_state() in the failure path of dmc620_pmu_init(), ensuring the callback is properly cleaned up. Users should update to a kernel version containing this commit.