CVE-2021-47284

In the Linux kernel, the following vulnerability has been resolved:

isdn: mISDN: netjet: Fix crash in nj_probe:

'njsetup' in netjet.c might fail with -EIO and in this case 'card->irq' is initialized and is bigger than zero. A subsequent call to 'njrelease' will free the irq that has not been requested.

Fix this bug by deleting the previous assignment to 'card->irq' and just keep the assignment before 'request_irq'.

The KASAN's log reveals it:

[ 3.354615 ] WARNING: CPU: 0 PID: 1 at kernel/irq/manage.c:1826 freeirq+0x100/0x480 [ 3.355112 ] Modules linked in: [ 3.355310 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.13.0-rc1-00144-g25a1298726e #13 [ 3.355816 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 3.356552 ] RIP: 0010:freeirq+0x100/0x480 [ 3.356820 ] Code: 6e 08 74 6f 4d 89 f4 e8 5e ac 09 00 4d 8b 74 24 18 4d 85 f6 75 e3 e8 4f ac 09 00 8b 75 c8 48 c7 c7 78 c1 2e 85 e8 e0 cf f5 ff <0f> 0b 48 8b 75 c0 4c 89 ff e8 72 33 0b 03 48 8b 43 40 4c 8b a0 80 [ 3.358012 ] RSP: 0000:ffffc90000017b48 EFLAGS: 00010082 [ 3.358357 ] RAX: 0000000000000000 RBX: ffff888104dc8000 RCX: 0000000000000000 [ 3.358814 ] RDX: ffff8881003c8000 RSI: ffffffff8124a9e6 RDI: 00000000ffffffff [ 3.359272 ] RBP: ffffc90000017b88 R08: 0000000000000000 R09: 0000000000000000 [ 3.359732 ] R10: ffffc900000179f0 R11: 0000000000001d04 R12: 0000000000000000 [ 3.360195 ] R13: ffff888107dc6000 R14: ffff888107dc6928 R15: ffff888104dc80a8 [ 3.360652 ] FS: 0000000000000000(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 [ 3.361170 ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3.361538 ] CR2: 0000000000000000 CR3: 000000000582e000 CR4: 00000000000006f0 [ 3.362003 ] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3.362175 ] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3.362175 ] Call Trace: [ 3.362175 ] njrelease+0x51/0x1e0 [ 3.362175 ] njprobe+0x450/0x950 [ 3.362175 ] ? pcideviceremove+0x110/0x110 [ 3.362175 ] localpciprobe+0x45/0xa0 [ 3.362175 ] pcideviceprobe+0x12b/0x1d0 [ 3.362175 ] reallyprobe+0x2a9/0x610 [ 3.362175 ] driverprobedevice+0x90/0x1d0 [ 3.362175 ] ? mutexlocknested+0x1b/0x20 [ 3.362175 ] devicedriverattach+0x68/0x70 [ 3.362175 ] _driverattach+0x124/0x1b0 [ 3.362175 ] ? devicedriverattach+0x70/0x70 [ 3.362175 ] busforeachdev+0xbb/0x110 [ 3.362175 ] ? rdinitsetup+0x45/0x45 [ 3.362175 ] driverattach+0x27/0x30 [ 3.362175 ] busadddriver+0x1eb/0x2a0 [ 3.362175 ] driverregister+0xa9/0x180 [ 3.362175 ] _pciregisterdriver+0x82/0x90 [ 3.362175 ] ? w6692init+0x38/0x38 [ 3.362175 ] njinit+0x36/0x38 [ 3.362175 ] dooneinitcall+0x7f/0x3d0 [ 3.362175 ] ? rdinitsetup+0x45/0x45 [ 3.362175 ] ? rcureadlockschedheld+0x4f/0x80 [ 3.362175 ] kernelinitfreeable+0x2aa/0x301 [ 3.362175 ] ? restinit+0x2c0/0x2c0 [ 3.362175 ] kernelinit+0x18/0x190 [ 3.362175 ] ? restinit+0x2c0/0x2c0 [ 3.362175 ] ? restinit+0x2c0/0x2c0 [ 3.362175 ] retfromfork+0x1f/0x30 [ 3.362175 ] Kernel panic - not syncing: paniconwarn set ... [ 3.362175 ] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.13.0-rc1-00144-g25a1298726e #13 [ 3.362175 ] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 3.362175 ] Call Trace: [ 3.362175 ] dumpstack+0xba/0xf5 [ 3.362175 ] ? freeirq+0x100/0x480 [ 3.362175 ] panic+0x15a/0x3f2 [ 3.362175 ] ? _warn+0xf2/0x150 [ 3.362175 ] ? freeirq+0x100/0x480 [ 3.362175 ] _warn+0x108/0x150 [ 3.362175 ] ? freeirq+0x100/0x480 [ 3.362175 ] reportbug+0x119/0x1c0 [ 3.362175 ] handlebug+0x3b/0x80 [ 3.362175 ] excinvalidop+0x18/0x70 [ 3.362175 ] asmexcinvalidop+0x12/0x20 [ 3.362175 ] RIP: 0010:free_irq+0x100 ---truncated---