Linux Kernel Refcount Leak Vulnerability in MTD Device Management

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's MTD (Memory Technology Device) subsystem. The issue is in the 'del_mtd_device()' function, which mismanages the reference count of device nodes: it calls 'of_node_put()' only after clearing the device structure, so the device node's reference is never released and memory is leaked. This vulnerability affects several versions of the Linux kernel, including 6.1.0-rc3+.

Impact

Exploitation of this vulnerability causes a memory leak by unbalancing the reference count of device nodes, which can lead to increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by calling the 'del_mtd_device()' function with a valid MTD device. The function will clear the device's 'of_node' reference before properly releasing it, causing a memory leak. This can be observed in the kernel log, which will indicate an unbalanced reference count error.
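The ordering problem described above can be seen in a small userspace model. This is an added example, not kernel code or the upstream patch: the struct and function names are hypothetical stand-ins, and the "fixed" variant assumes the correction is simply to release the reference before clearing the structure.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only; struct and function names are hypothetical. */
struct node { int refcount; };              /* stands in for a device-tree node */
struct device { struct node *of_node; };    /* stands in for mtd->dev */

static struct node *node_get(struct node *n) { if (n) n->refcount++; return n; }
static void node_put(struct node *n) { if (n) n->refcount--; }  /* NULL is a no-op */

/* Ordering described in the advisory: clear first, put second. */
static void del_device_leaky(struct device *dev)
{
    memset(dev, 0, sizeof(*dev));   /* of_node pointer is lost here */
    node_put(dev->of_node);         /* now node_put(NULL): nothing is released */
}

/* Assumed corrected ordering: release the reference, then clear. */
static void del_device_fixed(struct device *dev)
{
    node_put(dev->of_node);
    memset(dev, 0, sizeof(*dev));
}

/* Add and delete the device `cycles` times; return the node's final refcount. */
static int run_cycles(void (*del)(struct device *), int cycles)
{
    struct node n = { .refcount = 1 };      /* one reference held by the owner */
    struct device dev;
    for (int i = 0; i < cycles; i++) {
        dev.of_node = node_get(&n);         /* add: device takes a reference */
        del(&dev);                          /* delete: should drop it again */
    }
    return n.refcount;
}

int main(void)
{
    printf("leaky: expected refcount 1, got %d\n", run_cycles(del_device_leaky, 3));
    printf("fixed: expected refcount 1, got %d\n", run_cycles(del_device_fixed, 3));
    return 0;
}
```

Each add/delete cycle with the leaky ordering leaves one extra reference on the node, which is the kind of imbalance the kernel log reports.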

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed.

Added: Oct 1, 2025, 3:09 PM
Updated: Oct 1, 2025, 3:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.0
exploitability: 5.7
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.