CVE-2024-58079

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 06/03/2025
Last modified: 03/11/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Fix crash during unbind if gpio unit is in use

We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device.

If we unbind the driver from the usb interface, the cleanup functions are never called. In our case, the IRQ is never disabled.

If an IRQ is triggered, it will try to access memory sections that are already free, causing an OOPS.

We cannot use the function devm_request_threaded_irq here. The devm_* clean functions may be called after the main structure is released by uvc_delete.

Luckily this bug has small impact, as it is only affected by devices with gpio units and the user has to unbind the device, a disconnect will not trigger this error.
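The teardown ordering behind the description, as an added user-space model (not kernel or uvcvideo code; every name in it is hypothetical). It assumes, as the description states, that the main structure can be released during unbind before the interface's device-managed cleanup runs, and that cleanup tied to the USB device does not run at all on an interface unbind.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of the unbind path; all names are hypothetical. */
enum strategy { DEVM_ON_USB_DEV, DEVM_ON_INTF_DEV, MANUAL_FREE };
enum outcome  { IRQ_QUIET, IRQ_SAFE, IRQ_USE_AFTER_FREE };

struct model {
    bool irq_live;     /* handler still registered for the GPIO line */
    bool state_alive;  /* driver's main structure not yet freed */
};

/* What happens if the GPIO interrupt fires at this moment. */
static enum outcome fire_irq(const struct model *m)
{
    if (!m->irq_live)
        return IRQ_QUIET;
    return m->state_alive ? IRQ_SAFE : IRQ_USE_AFTER_FREE;
}

static enum outcome worse(enum outcome a, enum outcome b) { return a > b ? a : b; }

/* Unbind the driver from the interface while the USB device stays plugged in.
 * Returns the worst outcome seen during teardown; *final is the end state. */
enum outcome simulate_unbind(enum strategy s, enum outcome *final)
{
    struct model m = { .irq_live = true, .state_alive = true };
    enum outcome worst = IRQ_QUIET;

    if (s == MANUAL_FREE)          /* step 1: remove path frees the IRQ by hand */
        m.irq_live = false;
    worst = worse(worst, fire_irq(&m));
    m.state_alive = false;         /* step 2: main structure is released */
    worst = worse(worst, fire_irq(&m));
    if (s == DEVM_ON_INTF_DEV)     /* step 3: interface-managed cleanup runs last */
        m.irq_live = false;
    /* Cleanup managed by the USB device never runs: that device is still present. */
    *final = fire_irq(&m);
    return worse(worst, *final);
}

int main(void)
{
    const char *txt[] = { "quiet", "safe", "use-after-free" };
    for (int s = DEVM_ON_USB_DEV; s <= MANUAL_FREE; s++) {
        enum outcome f, w = simulate_unbind((enum strategy)s, &f);
        printf("strategy %d: worst=%s final=%s\n", s, txt[w], txt[f]);
    }
    return 0;
}
```

In this model, only releasing the IRQ before the structure is freed leaves no point at which a triggered interrupt reaches freed memory.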

Vulnerable products and versions

CPE                                             From               Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.12 (including)   5.15.179 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    5.16 (including)   6.1.130 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.2 (including)    6.6.78 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.7 (including)    6.12.14 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*    6.13 (including)   6.13.3 (excluding)