Description
In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard mana_remove against double invocation If PM resume fails (e.g., mana_attach() returns an error), mana_probe() calls mana_remove(), which tears down the device and sets gd->gdma_context = NULL and gd->driver_data = NULL. However, a failed resume callback does not automatically unbind the driver. When the device is eventually unbound, mana_remove() is invoked a second time. Without a NULL check, it dereferences gc->dev with gc == NULL, causing a kernel panic. Add an early return if gdma_context or driver_data is NULL so the second invocation is harmless. Move the dev = gc->dev assignment after the guard so it cannot dereference NULL.
Product status
635096a86edb067d55a1e04b4a918f5c6dac0c51 (git) before a1ddfd2c0b7a48e5239fadd2a24cc4bc2cda90e6
635096a86edb067d55a1e04b4a918f5c6dac0c51 (git) before bbe5c3c570645a4ceb120979d3ee203a1583d775
635096a86edb067d55a1e04b4a918f5c6dac0c51 (git) before 50271d7ec95144d26808025b508f463780517d3c
5.16
Any version before 5.16
6.18.33 (semver)
7.0.10 (semver)
7.1 (original_commit_for_fix)
References
git.kernel.org/...c/a1ddfd2c0b7a48e5239fadd2a24cc4bc2cda90e6
git.kernel.org/...c/bbe5c3c570645a4ceb120979d3ee203a1583d775
git.kernel.org/...c/50271d7ec95144d26808025b508f463780517d3c