Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A memory leak vulnerability has been identified in the Linux kernel's class registration process. This issue arises in the '__class_register()' function, where the 'cp' structure is not properly freed if 'class_add_groups()' returns an error. The 'cp->subsys' needs to be unregistered, and the 'cp' must be freed to prevent a memory leak. However, calling 'kset_unregister()' is problematic because the 'cls' will be freed in the 'class_release()' callback and also in the caller's error path, leading to a double free situation. This vulnerability can be triggered by a fault injection test that simulates an error in group addition, leaving unreferenced objects in memory.
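The cleanup trade-off described above, as an added userspace model (not kernel code and not the upstream patch). All type and function names are hypothetical, and freeing is modeled as a counter so the leak and the double free can be observed safely.

```c
#include <stddef.h>

/* Userspace model of the error path; every name here is hypothetical. */
struct priv { int frees; };                   /* stands in for 'cp'  */
struct cls  { int frees; struct priv *p; };   /* stands in for 'cls' */

enum cleanup { LEAKY, UNREGISTER, FIXED };

/* Modeled kfree(): count releases instead of really freeing memory. */
static void free_priv(struct priv *cp) { cp->frees++; }
static void free_cls(struct cls *c)    { c->frees++; }

/* Release callback: dropping the last reference frees cp and cls. */
static void release(struct cls *c)
{
    free_priv(c->p);
    free_cls(c);
}

/* Register with the group-add step forced to fail, as fault injection does. */
static int model_register(struct cls *c, struct priv *cp, enum cleanup how)
{
    c->p = cp;                     /* cp "allocated" and linked to cls */
    int error = -12;               /* simulated -ENOMEM from adding groups */
    switch (how) {
    case LEAKY:                    /* return without touching cp */
        break;
    case UNREGISTER:               /* full unregister runs release() */
        release(c);
        break;
    case FIXED:                    /* free cp only, leave cls to the caller */
        free_priv(cp);
        c->p = NULL;
        break;
    }
    return error;
}

/* Caller: owns cls and frees it when registration fails. */
struct outcome { int priv_frees, cls_frees; };

struct outcome run(enum cleanup how)
{
    struct priv cp = {0};
    struct cls c = {0};
    if (model_register(&c, &cp, how) != 0)
        free_cls(&c);              /* caller's error path */
    return (struct outcome){ cp.frees, c.frees };
}
```

A free count of 0 for the private structure is the leak, a count of 2 for the class is the double free, and exactly 1 for each is the outcome a correct error path must produce.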
Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.
The vulnerability can be reproduced by registering a class and then simulating an error during the group addition process. This can be done by using the 'modprobe' command, which will trigger the fault injection test that exposes the memory leak. The unreferenced objects can be observed as a result of this error, indicating that the vulnerability has been successfully reproduced.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.