CVE-2023-53515

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> virtio-mmio: don&amp;#39;t break lifecycle of vm_dev<br /> <br /> vm_dev has a separate lifecycle because it has a &amp;#39;struct device&amp;#39;<br /> embedded. Thus, having a release callback for it is correct.<br /> <br /> Allocating the vm_dev struct with devres totally breaks this protection,<br /> though. Instead of waiting for the vm_dev release callback, the memory<br /> is freed when the platform_device is removed. Resulting in a<br /> use-after-free when finally the callback is to be called.<br /> <br /> To easily see the problem, compile the kernel with<br /> CONFIG_DEBUG_KOBJECT_RELEASE and unbind with sysfs.<br /> <br /> The fix is easy, don&amp;#39;t use devres in this case.<br /> <br /> Found during my research about object lifetime problems.