Linux Kernel PCI Device Reference Count Leak Vulnerability in Geode Hardware Random Number Generator Driver

A vulnerability exists in the Linux kernel's Geode hardware random number generator (RNG) driver, specifically in the way PCI device reference counts are managed. The issue arises because the driver fails to properly release references to PCI devices, which can lead to memory management problems. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause a reference count leak, where the driver does not properly release references to PCI devices, potentially leading to memory management issues.

Reproduction

The vulnerability can be reproduced by loading the Geode RNG driver on a system with an AMD Geode processor. The driver will increase the reference count for the PCI device it interacts with but will not decrease it when the device is no longer needed. This can be observed by monitoring the reference counts of PCI devices before and after the driver is loaded.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.