Linux Kernel MTD Device Name Leak Vulnerability in add_mtd_device()

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's MTD (Memory Technology Device) subsystem. This issue occurs in the 'add_mtd_device()' function, where the device name is not properly released if the device registration fails. As a result, an unreferenced object remains, leading to a memory leak. The vulnerability was introduced in a previous commit that updated the MTD driver model.

Impact

The vulnerability causes a memory leak, where allocated memory is not properly freed, potentially leading to increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by loading a kernel module that registers an MTD device. If the device registration fails, the 'add_mtd_device()' function does not call 'put_device()' to release the device reference, causing a memory leak. This can be observed using the 'kmemleak' feature, which reports the unreferenced object as a memory leak.
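The error-path contract described above, as an added example that is not the kernel's own code: a userspace C model in which model_device, model_device_register(), model_put_device() and model_add_mtd_device() are hypothetical stand-ins, and the live_allocs counter plays the role of kmemleak. It assumes the device name is freed only when the last reference is dropped.

```c
/* Userspace model (added example): simplified stand-ins, not kernel code. */
#include <stdlib.h>
#include <string.h>

static int live_allocs;                 /* crude kmemleak stand-in: outstanding allocations */

struct model_device {
    int refcount;
    char *name;                         /* heap-allocated device name */
};

static char *tracked_strdup(const char *s)
{
    char *p = malloc(strlen(s) + 1);
    if (p) { strcpy(p, s); live_allocs++; }
    return p;
}

/* Models registration: takes the initial reference, then may fail. */
static int model_device_register(struct model_device *dev, int force_fail)
{
    dev->refcount = 1;                  /* reference exists even when we fail */
    return force_fail ? -1 : 0;
}

/* Models put_device(): dropping the last reference frees the name. */
static void model_put_device(struct model_device *dev)
{
    if (--dev->refcount == 0) {
        free(dev->name);
        live_allocs--;
    }
}

/* Models the add_mtd_device() error path; returns allocations left behind. */
static int model_add_mtd_device(int force_fail, int fixed)
{
    struct model_device dev = { 0, NULL };
    int before = live_allocs;
    dev.name = tracked_strdup("mtd0");  /* constructed sample name */
    if (!dev.name) return -1;
    if (model_device_register(&dev, force_fail) != 0) {
        if (fixed)
            model_put_device(&dev);     /* fixed path: drop the reference */
        return live_allocs - before;    /* buggy path: name stays allocated */
    }
    model_put_device(&dev);             /* model teardown after success */
    return live_allocs - before;
}
```

A failed registration without the put call leaves one allocation outstanding; with it, none.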

Remediation

The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.

Added: Oct 22, 2025, 6:06 PM
Updated: Oct 22, 2025, 6:06 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.