bcmasp WoL IRQ Double-Free

Vulnerability analysis

Root Cause: The bcmasp driver was incorrectly calling free_irq() on a Wake-on-LAN interrupt that was allocated using devm_request_irq(). When using the device-managed resource allocation function devm_request_irq(), the interrupt is automatically freed when the device is removed or the driver is unloaded. The manual free_irq() call in bcmasp_wol_irq_destroy() created a double-free condition where the same IRQ resource would be freed twice - once manually and once automatically by the device resource management system.

Attack Surface: This vulnerability affects systems using Broadcom ASP2 network controllers with Wake-on-LAN functionality enabled. The double-free occurs during driver cleanup operations (module unload, device removal, or probe failure), making it primarily a local attack surface issue that requires administrative privileges to trigger through driver management operations.

Fix Mechanism: The fix removes the manual IRQ cleanup code entirely. The bcmasp_wol_irq_destroy() function is deleted, and calls to it are removed from both the error cleanup path in bcmasp_probe() and the normal cleanup path in bcmasp_remove(). This allows the device resource management system to handle the IRQ cleanup automatically and safely.