CVE-2023-53612
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/10/2025
Last modified:
06/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (coretemp) Simplify platform device handling

Coretemp's platform driver is unconventional. All the real work is done
globally by the initcall and CPU hotplug notifiers, while the "driver"
effectively just wraps an allocation and the registration of the hwmon
interface in a long-winded round-trip through the driver core. The whole
logic of dynamically creating and destroying platform devices to bring
the interfaces up and down is error prone, since it assumes
platform_device_add() will synchronously bind the driver and set drvdata
before it returns, thus results in a NULL dereference if drivers_autoprobe
is turned off for the platform bus. Furthermore, the unusual approach of
doing that from within a CPU hotplug notifier, already commented in the
code that it deadlocks suspend, also causes lockdep issues for other
drivers or subsystems which may want to legitimately register a CPU
hotplug notifier from a platform bus notifier.

All of these issues can be solved by ripping this unusual behaviour out
completely, simply tying the platform devices to the lifetime of the
module itself, and directly managing the hwmon interfaces from the
hotplug notifiers. There is a slight user-visible change in that
/sys/bus/platform/drivers/coretemp will no longer appear, and
/sys/devices/platform/coretemp.n will remain present if package n is
hotplugged off, but hwmon users should really only be looking for the
presence of the hwmon interfaces, whose behaviour remains unchanged.
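
The user-visible sysfs change described above gives a quick host check. The following is an added example, not part of the kernel commit or this advisory: it treats the presence of /sys/bus/platform/drivers/coretemp as a sign of the pre-fix driver and reads the platform bus's drivers_autoprobe setting. The function names and status strings are constructed for illustration, and the sysfs root is a parameter so the check can be run against a copied tree.

```shell
#!/bin/sh
# Added example (not from the kernel tree). Status strings are illustrative.
# Usage: coretemp_layout [SYSFS_ROOT]; coretemp_hwmon_count [SYSFS_ROOT]

# Classify the coretemp sysfs layout under SYSFS_ROOT (default /sys).
coretemp_layout() {
    root="${1:-/sys}"
    drv="$root/bus/platform/drivers/coretemp"
    autoprobe_file="$root/bus/platform/drivers_autoprobe"

    if [ -d "$drv" ]; then
        # Per the description, this directory no longer appears after the fix,
        # so its presence means the old platform-driver round-trip is in use.
        autoprobe=1
        if [ -r "$autoprobe_file" ]; then
            autoprobe=$(cat "$autoprobe_file")
        fi
        if [ "$autoprobe" = "0" ]; then
            # Condition the description ties to the NULL dereference.
            echo "pre-fix,autoprobe-off"
        else
            echo "pre-fix,autoprobe-on"
        fi
        return 0
    fi

    # No driver directory: fixed driver loaded, or coretemp not present at all.
    for dev in "$root"/devices/platform/coretemp.*; do
        if [ -e "$dev" ]; then
            echo "post-fix"
            return 0
        fi
    done
    echo "not-present"
}

# Count hwmon interfaces named "coretemp", which the description says is
# what consumers should look for instead of the platform device nodes.
coretemp_hwmon_count() {
    root="${1:-/sys}"
    n=0
    for f in "$root"/class/hwmon/hwmon*/name; do
        if [ -r "$f" ] && [ "$(cat "$f")" = "coretemp" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}
```

A result of `pre-fix,autoprobe-off` marks hosts to prioritise for one of the stable updates listed under the references.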
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/4000384684f612b3645a944f6acde0e65ac370b8
- https://git.kernel.org/stable/c/52ea47a0ddfbc5fe05e873d3f5a59db4ba3e03fe
- https://git.kernel.org/stable/c/5735878a7b7db7e9ce731cb36cec298a9de67549
- https://git.kernel.org/stable/c/6d03bbff456befeccdd4d663177c4d6c75d0c4ff
- https://git.kernel.org/stable/c/8fcdbc4bc01365f4b10fed7db544a3149e3054fd
- https://git.kernel.org/stable/c/c57a8d14d7880521150ee801d53a0a64fdffd9c8



