CVE-2024-56545

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the Hyper-V HID driver in the Linux kernel. When unloading the 'hid hyperv' module, a devres complaint occurs due to the corresponding devres group not being allocated. This happens because the Hyper-V HID driver overrides the 'hid dev->driver' with a 'mousevsc hid driver' stub, which re-implements the hid device probe() function but does not call devres open group(). As a result, when the driver is removed, hid device remove() calls devres release group() without checking if the hdev->driver was initially overridden.

Recommendations To resolve the issue, drop the 'hid dev->driver' override and use hid register driver()/hid unregister driver() instead. Alternatively, rely on the default handling, but note that HID CONNECT DEFAULT implies HID CONNECT HIDRAW, which may not work for mousevsc as-is. At the moment, there is no information about a newer version that contains a fix for this vulnerability.