Linux Kernel Qcom Cpufreq Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Qcom cpufreq driver. The issue arises in the 'qcom_cpufreq_hw_read_lut()' function when 'cpu_dev' fails to retrieve the operating performance points (OPP) table. In that case, the function returns without releasing the 'table' resource, leading to a memory leak. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by triggering a failure in the 'qcom_cpufreq_hw_read_lut()' function when it attempts to access the OPP table. This can be done by manipulating the device tree or the cpufreq driver configuration to create a scenario where the OPP table is unavailable or invalid. When the function encounters this condition, it returns an error without freeing the allocated 'table' resource, causing a memory leak.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The specific commit containing the fix is '9901c21bcaf2f01fe5078f750d624f4ddfa8f81b', which is available in the Linux kernel stable tree.
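The error-path pattern described above, as an added user-space example that is neither the kernel driver's code nor the referenced commit. All names here (read_lut_leaky, read_lut_fixed, opp_lookup, table_alloc, table_free, live_tables) are hypothetical stand-ins, and a counter models outstanding allocations so the leak can be observed.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed user-space model; none of these names are kernel symbols. */
static int live_tables;                 /* tables allocated and not yet freed */

static unsigned int *table_alloc(size_t n)
{
    unsigned int *t = calloc(n, sizeof(*t));
    live_tables += (t != NULL);
    return t;
}

static void table_free(unsigned int *t)
{
    live_tables -= (t != NULL);
    free(t);
}

/* Stand-in for the OPP table lookup: fails when opp_ok is 0. */
static int opp_lookup(int opp_ok) { return opp_ok ? 0 : -ENODEV; }

/* Leaky shape: the early return on lookup failure skips the free. */
static int read_lut_leaky(int opp_ok, unsigned int **out)
{
    unsigned int *table = table_alloc(8);
    int ret = table ? opp_lookup(opp_ok) : -ENOMEM;
    if (ret)
        return ret;                     /* table, if allocated, is lost here */
    *out = table;                       /* success: caller owns the table */
    return 0;
}

/* Fixed shape: the failure path releases the table before returning. */
static int read_lut_fixed(int opp_ok, unsigned int **out)
{
    unsigned int *table = table_alloc(8);
    int ret = table ? opp_lookup(opp_ok) : -ENOMEM;
    if (ret) {
        table_free(table);              /* harmless when table is NULL */
        return ret;
    }
    *out = table;
    return 0;
}
```

Each failed call to the leaky variant strands one table, so the cost grows with every repeated failure of the lookup rather than being a one-time loss.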

Added: Dec 9, 2025, 2:29 AM
Updated: Dec 9, 2025, 2:29 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.