Linux Kernel DWC3 QCOM Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's DWC3 QCOM USB driver. The issue arises in the 'dwc3_qcom_interconnect_init' function, where resources allocated for the interconnect path handle are not properly released when no longer needed. This oversight contrasts with the correct release process implemented in the 'dwc3_qcom_interconnect_exit' function. The vulnerability has been addressed by adding an 'icc_put' call in the error handling process, ensuring that allocated resources are properly freed.

Impact

The vulnerability leads to a memory leak, where allocated resources are not released, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by loading the DWC3 QCOM USB driver in a Linux kernel environment where the interconnect support is enabled. The 'dwc3_qcom_interconnect_init' function will be called, allocating resources for the interconnect path handle. If an error occurs during the initialization process, the function will exit without releasing the allocated resources, causing a memory leak.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix is '97a48da1619ba6bd42a0e5da0a03aa490a9496b1', which is available in the Linux kernel stable tree.
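
The leak and the effect of the added 'icc_put' call can be modelled in user space. The C program below is an added example, not the kernel's code or the upstream patch. The icc_get_stub and icc_put_stub helpers, the live_paths counter, and the assumption that the failing step is a second path acquisition after the first has succeeded are all constructed for illustration.

```c
/* User-space model of the init error path; not kernel code. The icc_*_stub
 * helpers are constructed stand-ins for the interconnect get/put calls. */
#include <stdio.h>
#include <stdlib.h>

struct icc_path { int id; };
static int live_paths;            /* handles acquired and not yet released */

static struct icc_path *icc_get_stub(int fail)
{
	struct icc_path *p = fail ? NULL : malloc(sizeof(*p));
	if (p)
		live_paths++;
	return p;
}

static void icc_put_stub(struct icc_path *p)
{
	if (p) {
		live_paths--;
		free(p);
	}
}

/* Acquires one path, then a second (assumed failure point).
 * put_on_error = 0 models the leak, 1 models the fixed error path. */
static int interconnect_init_model(int put_on_error, int second_fails)
{
	struct icc_path *first = icc_get_stub(0), *second;
	if (!first)
		return -1;
	second = icc_get_stub(second_fails);
	if (!second) {
		if (put_on_error)
			icc_put_stub(first);  /* release added on the error path */
		return -1;                    /* otherwise 'first' is lost here */
	}
	/* Success: a driver would hold both until its exit routine; the
	 * model releases them at once so every run starts from zero. */
	icc_put_stub(second);
	icc_put_stub(first);
	return 0;
}

/* Number of handles still live after one init attempt. */
int leaked_after_init(int put_on_error, int second_fails)
{
	live_paths = 0;
	interconnect_init_model(put_on_error, second_fails);
	return live_paths;
}

int main(void)
{
	printf("leaked: unpatched=%d patched=%d\n",
	       leaked_after_init(0, 1), leaked_after_init(1, 1));
	return 0;
}
```

Each failed initialization in the unpatched model strands one handle, which is why repeated failures show up as steadily growing memory use rather than a crash.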

Added: Dec 9, 2025, 2:33 AM
Updated: Dec 9, 2025, 2:33 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.