Linux Kernel Platform-Device Leak Vulnerability in Sysfb Firmware Driver

A vulnerability in the Linux kernel's firmware sysfb driver has been addressed, which involved a platform-device leak in the error handling path of the sysfb_create_simplefb function. This issue could occur if the registration of a platform device failed, leading to a resource leak by not properly freeing the device. The vulnerability was present in the stable Linux kernel versions through 5.14.

Impact

The vulnerability could lead to a resource leak by failing to release a platform device when an error occurs during the device's registration process, potentially causing memory management issues.

Reproduction

The vulnerability can be reproduced by creating a platform device using the sysfb_create_simplefb function in the firmware sysfb driver. If the function encounters an error during the device registration, it fails to release the device, causing a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been fixed.