Linux Kernel ALSA AC97 Device Registration Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's AC97 audio driver. The issue arises in the 'snd_ac97_dev_register()' function, where the 'device_register()' call can fail. In such cases, the function should invoke 'put_device()' to release the reference; otherwise, the name assigned by 'dev_set_name()' is not freed, leading to a memory leak. This vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can cause a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by registering an AC97 device and simulating a failure in the 'device_register()' call within the 'snd_ac97_dev_register()' function. This can be done by modifying the return value of the 'device_register()' call to indicate a failure, while ensuring that 'put_device()' is not called to release the reference. This will result in the name allocated by 'dev_set_name()' being leaked, creating a memory leak scenario.
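
The failure path described above, modeled in userspace as an added example (it is not kernel code and not part of the original advisory). The functions 'dev_set_name()', 'device_register()' and 'put_device()' here are simplified stand-ins for the kernel functions of the same names; 'ac97_register_model()', 'live_names' and the device name string are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
static int live_names; /* names allocated by dev_set_name() and not yet freed */
struct device { char *name; int refcount; };

/* Model of dev_set_name(): the name is a heap allocation owned by the device. */
static int dev_set_name(struct device *d, const char *name)
{
    d->name = malloc(strlen(name) + 1);
    if (!d->name)
        return -1;
    strcpy(d->name, name);
    live_names++;
    return 0;
}

/* Model of put_device(): dropping the last reference frees the name. */
static void put_device(struct device *d)
{
    if (--d->refcount == 0 && d->name) {
        free(d->name);
        live_names--;
    }
}

/* Model of a failing device_register(): the reference is still held on error. */
static int device_register(struct device *d)
{
    d->refcount = 1;
    return -1; /* simulated failure, as in the reproduction steps */
}

/* Hypothetical caller; with_fix selects the corrected error path. */
static int ac97_register_model(int with_fix)
{
    struct device dev = { 0 };
    if (dev_set_name(&dev, "0-0:constructed") < 0)
        return -1;
    int err = device_register(&dev);
    if (err < 0 && with_fix)
        put_device(&dev); /* releases the reference and, with it, the name */
    return err;
}

int main(void)
{
    ac97_register_model(0); /* error path without put_device(): name leaks */
    ac97_register_model(1); /* error path with put_device(): name is freed */
    return live_names == 1 ? 0 : 1;
}
```

Each failed registration on the unfixed path leaves one name allocated, which is why repeated failures grow memory use over time.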

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Oct 1, 2025, 1:11 PM
Updated: Oct 1, 2025, 1:11 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.