Linux Kernel IIO Memory Leak Vulnerability in Event Registration

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Industrial I/O (IIO) subsystem. The issue arises in the function 'iio_device_register_eventset()'. When 'iio_device_register_sysfs_group()' fails, the 'iio_device_register_eventset()' function does not properly free the 'attrs' array, leading to a memory leak. This leak is detected by 'kmemleak', which reports the unreferenced object as a memory leak. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a memory leak in the IIO subsystem, which can lead to increased memory usage and potential exhaustion of system resources over time.

Reproduction

The vulnerability can be reproduced by registering an IIO device event set while the 'iio_device_register_sysfs_group()' function returns a failure. This scenario will cause the 'attrs' array to remain allocated and unreferenced, creating a memory leak that 'kmemleak' can detect.
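The error path described above, modelled in userspace C as an added example; it is not kernel source and not the upstream patch. The names model_register_eventset, model_register_sysfs_group, tracked_calloc, tracked_free, the free_on_error flag and the fault switch are assumptions made for illustration, and a live-allocation counter stands in for kmemleak.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed userspace model, not kernel source. */
static int live_allocs, sysfs_group_fails; /* leak counter; hypothetical fault switch */
static void *last_alloc;                   /* lets the harness reclaim a leaked block */

static void *tracked_calloc(size_t n, size_t sz)
{
    last_alloc = calloc(n, sz);
    live_allocs += (last_alloc != NULL);
    return last_alloc;
}
static void tracked_free(void *p) { live_allocs -= (p != NULL); free(p); }

/* Stand-in for iio_device_register_sysfs_group(); -12 models -ENOMEM. */
static int model_register_sysfs_group(const char **attrs)
{
    return (attrs && !sysfs_group_fails) ? 0 : -12;
}

/* free_on_error = 0 is the leaky error path, 1 the fixed one. */
static int model_register_eventset(const char ***out, int free_on_error)
{
    const char **attrs = tracked_calloc(4, sizeof(*attrs));
    int ret = model_register_sysfs_group(attrs);
    if (ret) {
        if (free_on_error)
            tracked_free(attrs); /* fixed: release attrs before returning */
        return ret;              /* leaky: attrs is now unreferenced */
    }
    *out = attrs;                /* success: caller owns attrs */
    return 0;
}

/* Allocations still live after one registration attempt and teardown. */
static int outstanding_after(int fail, int free_on_error)
{
    const char **attrs = NULL;
    live_allocs = 0;
    sysfs_group_fails = fail;
    if (model_register_eventset(&attrs, free_on_error) == 0)
        tracked_free(attrs);     /* normal teardown on success */
    if (live_allocs) free(last_alloc); /* reclaim the leaked block; count is kept */
    return live_allocs;
}

int main(void)
{
    return printf("leaky: %d, fixed: %d\n", outstanding_after(1, 0), outstanding_after(1, 1)) < 0;
}
```

Only the combination of a failing group registration and a missing free leaves an allocation outstanding; the success path is clean in both variants.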

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: Oct 22, 2025, 6:13 PM
Updated: Oct 22, 2025, 6:13 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.