Linux Kernel Memory Leak Vulnerability in Clock Driver

A memory leak vulnerability has been identified in the Linux kernel's clock driver for STMicroelectronics (ST) devices. This issue arises in the 'st_of_quadfs_setup' function, where a failure in the 'st_clk_register_quadfs_pll' function does not properly free a allocated lock before exiting, leading to a memory leak. The vulnerability affects several versions of the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by invoking the 'st_of_quadfs_setup' function in the clock driver for ST devices, with a scenario where the 'st_clk_register_quadfs_pll' function fails. This failure can be simulated by passing parameters that trigger an error response from 'st_clk_register_quadfs_pll', while ensuring that the 'lock' variable is not freed before the function exits, which will result in a memory leak.

Remediation

Users can upgrade to the latest version of the Linux kernel stable tree, where this vulnerability has been addressed. Instructions for downloading the patched version are available on the official Linux kernel website.