Linux Kernel IIO Trigger Sysfs Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's IIO (Industrial I/O) subsystem, specifically within the sysfs trigger management. The issue arises in the 'iio_sysfs_trig_init()' function, where memory allocated for device names is not properly freed if 'device_add()' fails. This oversight can lead to unreferenced memory objects, as demonstrated by a fault injection test that triggered the leak. The vulnerability has been resolved in the Linux kernel.

Impact

Exploitation of this vulnerability could lead to a memory leak, causing increased memory usage and potentially leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by loading a module that utilizes the IIO sysfs trigger management. The 'iio_sysfs_trig_init()' function will allocate memory for the device name. If 'device_add()' fails, the allocated memory is not freed, leading to a memory leak. This can be observed with a fault injection test that triggers the unreferenced object.
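The error path described above, as an added userspace model (not kernel code and not the upstream patch): a name buffer is allocated, the add step is forced to fail, and a counter shows whether the buffer is still allocated afterwards. All names (`model_device`, `model_set_name`, `model_device_add`, `model_release`, `model_init`) are hypothetical stand-ins, and the `fix_applied` switch assumes the correction is to release the name on the failure path.

```c
/* Userspace model of the leak; every name here is hypothetical, not kernel code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live_allocs;                 /* outstanding name buffers */
struct model_device { char *name; };

static int model_set_name(struct model_device *dev, const char *name)
{
    dev->name = malloc(strlen(name) + 1);   /* the allocation that leaks */
    if (!dev->name) return -1;
    strcpy(dev->name, name);
    live_allocs++;
    return 0;
}
/* Stands in for device_add(); inject_fault plays the fault-injection role. */
static int model_device_add(struct model_device *dev, int inject_fault)
{ (void)dev; return inject_fault ? -1 : 0; }

static void model_release(struct model_device *dev)
{
    if (dev->name) { free(dev->name); dev->name = NULL; live_allocs--; }
}
/* fix_applied == 0: return on add failure, name stays allocated (the bug).
 * fix_applied == 1: unwind the name before returning the error. */
static int model_init(struct model_device *dev, int inject_fault, int fix_applied)
{
    int ret = model_set_name(dev, "model_trigger");
    if (ret) return ret;
    ret = model_device_add(dev, inject_fault);
    if (ret && fix_applied)
        model_release(dev);
    return ret;
}
/* Runs init with add forced to fail; returns buffers left allocated. */
static int leaked_after_failed_add(int fix_applied)
{
    struct model_device dev = { 0 };
    int leaked;
    live_allocs = 0;
    model_init(&dev, 1, fix_applied);
    leaked = live_allocs;
    model_release(&dev);                /* keep the model itself clean */
    return leaked;
}
int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_after_failed_add(0), leaked_after_failed_add(1));
    return 0;
}
```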

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.