cve/2024/CVE-2024-56545.md

### [CVE-2024-56545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56545)
![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=62c68e7cee332e08e625af3bca3318814086490d%3C%20b03e713a400aeb5f969bab4daf47a7402d0df814%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Linux kernel, the following vulnerability has been resolved:HID: hyperv: streamline driver probe to avoid devres issuesIt was found that unloading 'hid_hyperv' module results in a devrescomplaint: ... hv_vmbus: unregistering driver hid_hyperv ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0 ... Call Trace:  <TASK>  ? devres_release_group+0x1f2/0x2c0  ? __warn+0xd1/0x1c0  ? devres_release_group+0x1f2/0x2c0  ? report_bug+0x32a/0x3c0  ? handle_bug+0x53/0xa0  ? exc_invalid_op+0x18/0x50  ? asm_exc_invalid_op+0x1a/0x20  ? devres_release_group+0x1f2/0x2c0  ? devres_release_group+0x90/0x2c0  ? rcu_is_watching+0x15/0xb0  ? __pfx_devres_release_group+0x10/0x10  hid_device_remove+0xf5/0x220  device_release_driver_internal+0x371/0x540  ? klist_put+0xf3/0x170  bus_remove_device+0x1f1/0x3f0  device_del+0x33f/0x8c0  ? __pfx_device_del+0x10/0x10  ? cleanup_srcu_struct+0x337/0x500  hid_destroy_device+0xc8/0x130  mousevsc_remove+0xd2/0x1d0 [hid_hyperv]  device_release_driver_internal+0x371/0x540  driver_detach+0xc5/0x180  bus_remove_driver+0x11e/0x2a0  ? __mutex_unlock_slowpath+0x160/0x5e0  vmbus_driver_unregister+0x62/0x2b0 [hv_vmbus]  ...And the issue seems to be that the corresponding devres group is notallocated. Normally, devres_open_group() is called from__hid_device_probe() but Hyper-V HID driver overrides 'hid_dev->driver'with 'mousevsc_hid_driver' stub and basically re-implements__hid_device_probe() by calling hid_parse() and hid_hw_start() but notdevres_open_group(). hid_device_probe() does not call __hid_device_probe()for it. Later, when the driver is removed, hid_device_remove() callsdevres_release_group() as it doesn't check whether hdev->driver wasinitially overridden or not.The issue seems to be related to the commit 62c68e7cee33 ("HID: ensuretimely release of driver-allocated resources") but the commit itself seemsto be correct.Fix the issue by dropping the 'hid_dev->driver' override and usinghid_register_driver()/hid_unregister_driver() instead. Alternatively, itwould have been possible to rely on the default handling butHID_CONNECT_DEFAULT implies HID_CONNECT_HIDRAW and it doesn't seem to workfor mousevsc as-is.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/cku-heise/euvd-api-doc
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`### [CVE-2024-56545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56545)`
			`![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=62c68e7cee332e08e625af3bca3318814086490d%3C%20b03e713a400aeb5f969bab4daf47a7402d0df814%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			In the Linux kernel, the following vulnerability has been resolved:HID: hyperv: streamline driver probe to avoid devres issuesIt was found that unloading 'hid_hyperv' module results in a devrescomplaint: ... hv_vmbus: unregistering driver hid_hyperv ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0 ... Call Trace: <TASK> ? devres_release_group+0x1f2/0x2c0 ? __warn+0xd1/0x1c0 ? devres_release_group+0x1f2/0x2c0 ? report_bug+0x32a/0x3c0 ? handle_bug+0x53/0xa0 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? devres_release_group+0x1f2/0x2c0 ? devres_release_group+0x90/0x2c0 ? rcu_is_watching+0x15/0xb0 ? __pfx_devres_release_group+0x10/0x10 hid_device_remove+0xf5/0x220 device_release_driver_internal+0x371/0x540 ? klist_put+0xf3/0x170 bus_remove_device+0x1f1/0x3f0 device_del+0x33f/0x8c0 ? __pfx_device_del+0x10/0x10 ? cleanup_srcu_struct+0x337/0x500 hid_destroy_device+0xc8/0x130 mousevsc_remove+0xd2/0x1d0 [hid_hyperv] device_release_driver_internal+0x371/0x540 driver_detach+0xc5/0x180 bus_remove_driver+0x11e/0x2a0 ? __mutex_unlock_slowpath+0x160/0x5e0 vmbus_driver_unregister+0x62/0x2b0 [hv_vmbus] ...And the issue seems to be that the corresponding devres group is notallocated. Normally, devres_open_group() is called from__hid_device_probe() but Hyper-V HID driver overrides 'hid_dev->driver'with 'mousevsc_hid_driver' stub and basically re-implements__hid_device_probe() by calling hid_parse() and hid_hw_start() but notdevres_open_group(). hid_device_probe() does not call __hid_device_probe()for it. Later, when the driver is removed, hid_device_remove() callsdevres_release_group() as it doesn't check whether hdev->driver wasinitially overridden or not.The issue seems to be related to the commit 62c68e7cee33 ("HID: ensuretimely release of driver-allocated resources") but the commit itself seemsto be correct.Fix the issue by dropping the 'hid_dev->driver' override and usinghid_register_driver()/hid_unregister_driver() instead. Alternatively, itwould have been possible to rely on the default handling butHID_CONNECT_DEFAULT implies HID_CONNECT_HIDRAW and it doesn't seem to workfor mousevsc as-is.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/cku-heise/euvd-api-doc`