Linux Kernel Platform-Device Leak Vulnerability in MIPS SGI-IP27

Vulnerability

A platform-device leak vulnerability has been identified in the Linux kernel's MIPS SGI-IP27 platform code. The issue is in the 'bridge_platform_create' function: when an error occurs after platform devices and resources have been added, the failed device is not released, which leaks the resource. This vulnerability affects several versions of the Linux kernel.

Impact

Failed platform devices that are not released leak memory. These leaks can accumulate and cause resource exhaustion.

Reproduction

The vulnerability can be reproduced by triggering an error in the 'bridge_platform_create' function after it has attempted to add a platform device or its resources. Simulating a failure in the device addition step is enough: the error is not handled properly, and the function exits without releasing the allocated resources.
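
The error-path pattern described above, as an added userspace C model; it is not the kernel's code and not part of the original advisory. All names (`model_alloc`, `model_add`, `model_put`, `create_leaky`, `create_fixed`, `leaked_after`) are hypothetical stand-ins for a reference-counted device, and the failure is forced by a flag.

```c
#include <stdlib.h>

/* Userspace model, not kernel code; every name here is hypothetical. */
struct model_dev { int refs; };
static int live_devs;                 /* allocated and not yet freed */

static struct model_dev *model_alloc(void)
{
    struct model_dev *d = calloc(1, sizeof(*d));
    if (d) { d->refs = 1; live_devs++; }
    return d;
}

/* Drop one reference; the object is freed when the last one goes. */
static void model_put(struct model_dev *d)
{
    if (d && --d->refs == 0) { free(d); live_devs--; }
}

/* Stand-in for the add-resources/add-device step; fail != 0 forces an error. */
static int model_add(struct model_dev *d, int fail) { (void)d; return fail ? -1 : 0; }

/* Leaky shape: the error path returns while still holding the reference. */
static struct model_dev *create_leaky(int fail)
{
    struct model_dev *d = model_alloc();
    if (d && model_add(d, fail))
        return NULL;                  /* d is never released */
    return d;
}

/* Corrected shape: the failed device is released before returning. */
static struct model_dev *create_fixed(int fail)
{
    struct model_dev *d = model_alloc();
    if (d && model_add(d, fail)) {
        model_put(d);
        return NULL;
    }
    return d;
}

/* Objects left behind by n forced failures of the given creator. */
static int leaked_after(struct model_dev *(*create)(int), int n)
{
    int before = live_devs;
    while (n-- > 0)
        create(1);
    return live_devs - before;
}
```

Each forced failure of the leaky variant strands one object, which is how repeated failures accumulate toward exhaustion; the corrected variant leaves none behind.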

Remediation

Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.

Added: Sep 15, 2025, 7:54 PM
Updated: Sep 15, 2025, 7:54 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.