Linux Kernel ALSA AOA I2SBus Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's ALSA AOA I2SBus component. The issue arises in the 'i2sbus_add_dev()' function, where 'dev_set_name()' allocates memory for the device name. If 'of_device_register()' fails, this memory is not properly freed, leading to a leak. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to a memory leak, causing increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by adding a device to the I2SBus when 'of_device_register()' fails. One way to do this is to modify the 'i2sbus_add_dev()' function to simulate a registration failure; the memory allocated for the device name is then never freed, which creates the memory leak.
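The error path described above can be modelled in userspace. This is an added example, not kernel code and not the upstream patch: every 'model_*' helper, the allocation counter and the device name string are hypothetical stand-ins, and it assumes the failing path frees only the device structure. It contrasts that path with one that drops the device reference, which is how the kernel releases a name set by 'dev_set_name()'.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model only: stand-ins for the kernel helpers named in the text. */
static int live_allocs;                        /* allocations not yet freed */
static void *xalloc(size_t n) { void *p = calloc(1, n); if (!p) abort(); live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

struct device { char *name; int refcount; void (*release)(struct device *); };

static void model_release(struct device *dev) { xfree(dev); }

static struct device *model_alloc_dev(void) {
    struct device *dev = xalloc(sizeof(*dev));
    dev->refcount = 1;
    dev->release = model_release;
    return dev;
}
static void model_dev_set_name(struct device *dev, const char *name) {
    dev->name = xalloc(strlen(name) + 1);      /* the name is its own allocation */
    strcpy(dev->name, name);
}
/* Simulated registration failure, as in the reproduction step. */
static int model_of_device_register(struct device *dev) { (void)dev; return -1; }

static void model_put_device(struct device *dev) {
    if (--dev->refcount == 0) { xfree(dev->name); dev->release(dev); }
}

/* Assumed leaky error path: frees the structure, never the name. */
int add_dev_leaky(void) {
    int before = live_allocs;
    struct device *dev = model_alloc_dev();
    model_dev_set_name(dev, "i2sbus-demo");    /* constructed sample name */
    if (model_of_device_register(dev)) xfree(dev);
    return live_allocs - before;               /* allocations left behind */
}
/* Error path that drops the reference: name and structure are both freed. */
int add_dev_fixed(void) {
    int before = live_allocs;
    struct device *dev = model_alloc_dev();
    model_dev_set_name(dev, "i2sbus-demo");
    if (model_of_device_register(dev)) model_put_device(dev);
    return live_allocs - before;
}
int main(void) {
    printf("leaky path leaves %d allocation(s)\n", add_dev_leaky());
    printf("fixed path leaves %d allocation(s)\n", add_dev_fixed());
    return 0;
}
```

Each failed call to the leaky path leaves one allocation outstanding, so repeated failures grow memory use linearly, which matches the resource-exhaustion impact described above.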

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for upgrading the Linux kernel can be found in the official Linux kernel documentation.

Added: Oct 1, 2025, 1:06 PM
Updated: Oct 1, 2025, 1:06 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.