CVE-2024-56545
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56545
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-56545.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-56545
- Downstream
- Related
- Published
- 2024-12-27T14:11:26Z
- Modified
- 2025-10-17T19:01:05.739818Z
- Summary
- HID: hyperv: streamline driver probe to avoid devres issues
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
HID: hyperv: streamline driver probe to avoid devres issues
It was found that unloading 'hid_hyperv' module results in a devres complaint:
... hvvmbus: unregistering driver hidhyperv ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devresreleasegroup+0x1f2/0x2c0 ... Call Trace: <TASK> ? devresreleasegroup+0x1f2/0x2c0 ? _warn+0xd1/0x1c0 ? devresreleasegroup+0x1f2/0x2c0 ? reportbug+0x32a/0x3c0 ? handlebug+0x53/0xa0 ? excinvalidop+0x18/0x50 ? asmexcinvalidop+0x1a/0x20 ? devresreleasegroup+0x1f2/0x2c0 ? devresreleasegroup+0x90/0x2c0 ? rcuiswatching+0x15/0xb0 ? _pfxdevresreleasegroup+0x10/0x10 hiddeviceremove+0xf5/0x220 devicereleasedriverinternal+0x371/0x540 ? klistput+0xf3/0x170 busremovedevice+0x1f1/0x3f0 devicedel+0x33f/0x8c0 ? _pfxdevicedel+0x10/0x10 ? cleanupsrcustruct+0x337/0x500 hiddestroydevice+0xc8/0x130 mousevscremove+0xd2/0x1d0 [hidhyperv] devicereleasedriverinternal+0x371/0x540 driverdetach+0xc5/0x180 busremovedriver+0x11e/0x2a0 ? _mutexunlockslowpath+0x160/0x5e0 vmbusdriverunregister+0x62/0x2b0 [hvvmbus] ...
And the issue seems to be that the corresponding devres group is not allocated. Normally, devresopengroup() is called from _hiddeviceprobe() but Hyper-V HID driver overrides 'hiddev->driver' with 'mousevschiddriver' stub and basically re-implements _hiddeviceprobe() by calling hidparse() and hidhwstart() but not devresopengroup(). hiddeviceprobe() does not call _hiddeviceprobe() for it. Later, when the driver is removed, hiddeviceremove() calls devresrelease_group() as it doesn't check whether hdev->driver was initially overridden or not.
The issue seems to be related to the commit 62c68e7cee33 ("HID: ensure timely release of driver-allocated resources") but the commit itself seems to be correct.
Fix the issue by dropping the 'hiddev->driver' override and using hidregisterdriver()/hidunregisterdriver() instead. Alternatively, it would have been possible to rely on the default handling but HIDCONNECTDEFAULT implies HIDCONNECT_HIDRAW and it doesn't seem to work for mousevsc as-is.
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/19a9457e5e210e408c1f8865b5d93c5a2c90409d
- https://git.kernel.org/stable/c/3d48d0fbaaa74a04fb9092780a3f83dc4f3f8160
- https://git.kernel.org/stable/c/66ef47faa90d838cda131fe1f7776456cc3b59f2
- https://git.kernel.org/stable/c/b03e713a400aeb5f969bab4daf47a7402d0df814
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced62c68e7cee332e08e625af3bca3318814086490dFixedb03e713a400aeb5f969bab4daf47a7402d0df814
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced62c68e7cee332e08e625af3bca3318814086490dFixed19a9457e5e210e408c1f8865b5d93c5a2c90409d
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced62c68e7cee332e08e625af3bca3318814086490dFixed3d48d0fbaaa74a04fb9092780a3f83dc4f3f8160
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced62c68e7cee332e08e625af3bca3318814086490dFixed66ef47faa90d838cda131fe1f7776456cc3b59f2