Linux Kernel Refcount Leak Vulnerability in EDAC/i10nm Driver

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's EDAC/i10nm driver, specifically within the 'pci_get_dev_wrapper()' function. The 'pci_get_domain_bus_and_slot()' function already returns the PCI device with its reference count incremented, so the wrapper function does not need an additional 'pci_dev_get()' call. The wrapper must also release the PCI device in its error handling path to prevent memory leaks.

Impact

The vulnerability leads to a memory management issue, where the reference count of a PCI device is not properly decremented, potentially causing resource leaks.

Reproduction

The vulnerability can be reproduced by invoking the 'pci_get_dev_wrapper()' function within the EDAC/i10nm driver context. The function will incorrectly handle the reference count of the PCI device, failing to release it in the error path, which can be observed through debugging or monitoring tools that track memory and resource management.
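The reference counting described above can be followed in a small userspace model. This is an added example, not the driver's code or the upstream patch: every mock_* name is a hypothetical stand-in, and the failing step in the error path is an assumption because the page does not name it.

```c
#include <stdio.h>
#include <stddef.h>

/* Userspace model of the refcount contract; all mock_* names are stand-ins. */
struct mock_pci_dev { int refcount; int step_fails; };

/* Stand-ins for pci_dev_get() / pci_dev_put(): take or drop one reference. */
static struct mock_pci_dev *mock_dev_get(struct mock_pci_dev *d) { if (d) d->refcount++; return d; }
static void mock_dev_put(struct mock_pci_dev *d) { if (d) d->refcount--; }

/* Stand-in for pci_get_domain_bus_and_slot(): the lookup itself takes a reference. */
static struct mock_pci_dev *mock_lookup(struct mock_pci_dev *d) { return mock_dev_get(d); }

/* Assumed step that can fail after the lookup (the page does not name it). */
static int mock_setup(struct mock_pci_dev *d) { return d->step_fails ? -1 : 0; }

/* Leaky shape as the page describes it: extra get, no put on error. */
static struct mock_pci_dev *wrapper_leaky(struct mock_pci_dev *slot)
{
    struct mock_pci_dev *pdev = mock_lookup(slot);
    if (!pdev || mock_setup(pdev) < 0)
        return NULL;            /* lookup reference is never dropped */
    mock_dev_get(pdev);         /* redundant second reference */
    return pdev;
}

/* Corrected shape: one reference on success, none left on failure. */
static struct mock_pci_dev *wrapper_fixed(struct mock_pci_dev *slot)
{
    struct mock_pci_dev *pdev = mock_lookup(slot);
    if (!pdev)
        return NULL;
    if (mock_setup(pdev) < 0) {
        mock_dev_put(pdev);     /* release the lookup reference */
        return NULL;
    }
    return pdev;
}

/* References still held after the caller drops the single one it owns. */
static int leaked_refs(struct mock_pci_dev *(*wrap)(struct mock_pci_dev *), int step_fails)
{
    struct mock_pci_dev dev = { 0, step_fails };
    mock_dev_put(wrap(&dev));   /* no-op when the wrapper returned NULL */
    return dev.refcount;
}

int main(void)
{
    printf("leaky: ok=%d err=%d\n", leaked_refs(wrapper_leaky, 0), leaked_refs(wrapper_leaky, 1));
    printf("fixed: ok=%d err=%d\n", leaked_refs(wrapper_fixed, 0), leaked_refs(wrapper_fixed, 1));
    return 0;
}
```

A nonzero result means the device object can never be freed, because some reference has no owner left to drop it.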

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. The specific commit that resolves this issue is '1adb2583cdbd75f379e3230a43a7412d373d499f', which is available in the Linux kernel stable tree.

Added: Dec 9, 2025, 2:19 AM
Updated: Dec 9, 2025, 2:19 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.