CVE-2024-50023

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/10/2024
Last modified: 25/10/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

net: phy: Remove LED entry from LEDs list on unregister

Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct ordering") correctly fixed a problem with using devm_ but missed removing the LED entry from the LEDs list.

This causes a kernel panic in a specific scenario where the port for the PHY is torn down and up and the kmod for the PHY is removed.

On setting the port down the first time, the associated LEDs are correctly unregistered. The associated kmod for the PHY is now removed. The kmod is now added again and the port is now put up, the associated LEDs are registered again. On putting the port down again for the second time after these steps, the LED list now has 4 elements, with the first 2 already unregistered previously and the 2 new ones registered again.

This causes a kernel panic as the first 2 elements should have been removed.

Fix this by correctly removing the element when the LED is unregistered.
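The sequence described above, reduced to a userspace C model (an added example, not the kernel's code). `struct led`, `struct phy` and all function names are hypothetical, and a stale entry is only counted here, where the kernel would dereference it.

```c
#include <stdio.h>

/* Userspace model only; all names are hypothetical, not the kernel's. */
struct led { struct led *prev, *next; int registered; };
struct phy { struct led head; };  /* circular list, in the style of list_head */

static void led_register(struct phy *p, struct led *l)
{
    l->registered = 1;
    l->prev = p->head.prev; l->next = &p->head;   /* append at tail */
    p->head.prev->next = l; p->head.prev = l;
}

/* Port down: returns how many already-unregistered (stale) entries it visited. */
static int phy_leds_unregister(struct phy *p, int unlink_entry)
{
    struct led *l, *next; int stale = 0;
    for (l = p->head.next; l != &p->head; l = next) {
        next = l->next;
        if (!l->registered) { stale++; continue; }
        l->registered = 0;
        if (unlink_entry) {   /* the fix: also remove the entry from the list */
            l->prev->next = l->next; l->next->prev = l->prev;
        }
    }
    return stale;
}

/* Port down, PHY kmod removed and added again, port up, port down again. */
static int run_scenario(int unlink_entry, int *len_at_second_down)
{
    struct phy p; struct led first[2], second[2], *l;
    p.head.prev = p.head.next = &p.head;            /* empty list */
    led_register(&p, &first[0]); led_register(&p, &first[1]);
    phy_leds_unregister(&p, unlink_entry);          /* first port down */
    led_register(&p, &second[0]); led_register(&p, &second[1]);
    *len_at_second_down = 0;
    for (l = p.head.next; l != &p.head; l = l->next) (*len_at_second_down)++;
    return phy_leds_unregister(&p, unlink_entry);   /* second port down */
}

int main(void)
{
    int len, stale = run_scenario(0, &len);
    printf("without list removal: %d entries, %d stale\n", len, stale);
    stale = run_scenario(1, &len);
    printf("with list removal:    %d entries, %d stale\n", len, stale);
    return 0;
}
```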

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.4 (including) | 6.6.57 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.4 (excluding)
cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | |
cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:* | |