Linux Kernel WUSB3801 Refcount Leak Vulnerability

Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's USB Type-C WUSB3801 port controller driver. This issue arises in the 'wusb3801_probe' function, where the reference count of a firmware node is not properly balanced. If the hardware initialization fails, the excess references are not released, leading to a memory leak. The vulnerability affects the stable version of the Linux kernel.

Impact

The vulnerability causes a memory leak by improperly managing the reference count of a firmware node, which can lead to increased memory usage and potential degradation of system performance.

Reproduction

The vulnerability can be reproduced by probing the WUSB3801 port controller driver, which is part of the USB Type-C subsystem. During this process, if the hardware initialization fails, the firmware node reference count is not correctly decremented, causing a memory leak. This issue can be observed by monitoring the reference count of the overlay node associated with the Type-C port controller.
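The imbalance described above, as an added example that is neither the driver's code nor the upstream patch: a user-space C model in which a probe routine takes a reference on a firmware node and hardware initialization then fails. All names (fw_node, node_get, node_put, hw_init, probe_leaky, probe_balanced, leaked_refs) are hypothetical stand-ins, and the balanced variant shows the general unwind pattern, not the specific change in the fix commit.

```c
#include <stdbool.h>
#include <stdio.h>
/* Hypothetical stand-in for a refcounted firmware node (not the kernel type). */
struct fw_node { int refcount; };

static struct fw_node *node_get(struct fw_node *n) { n->refcount++; return n; }
static void node_put(struct fw_node *n) { n->refcount--; }

/* Stand-in for hardware initialization; fails when ok is false. */
static int hw_init(bool ok) { return ok ? 0 : -5; /* -EIO */ }

/* Leaky shape: the failure return skips the matching put. */
static int probe_leaky(struct fw_node *parent, bool hw_ok)
{
    node_get(parent);          /* reference taken for the port */
    int ret = hw_init(hw_ok);
    if (ret)
        return ret;            /* reference is never released */
    return 0;                  /* success: reference kept until removal */
}

/* Balanced shape: the failure path unwinds through a put. */
static int probe_balanced(struct fw_node *parent, bool hw_ok)
{
    struct fw_node *conn = node_get(parent);
    int ret = hw_init(hw_ok);
    if (ret)
        goto err_put;
    return 0;
err_put:
    node_put(conn);
    return ret;
}

/* Run `attempts` failing probes and report the references left behind. */
static int leaked_refs(int (*probe)(struct fw_node *, bool), int attempts)
{
    struct fw_node node = { .refcount = 1 };   /* constructed baseline */
    for (int i = 0; i < attempts; i++)
        probe(&node, false);
    return node.refcount - 1;
}

int main(void)
{
    printf("leaky: %d  balanced: %d\n",
           leaked_refs(probe_leaky, 3), leaked_refs(probe_balanced, 3));
    return 0;
}
```

Each failed probe in the leaky shape leaves the node's count one higher than before, which is the drift that monitoring the reference count would reveal.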

Remediation

Users can apply the patch available in the Linux stable tree to address this vulnerability. The patch is included in the commit '82d1211f673bbdc822eaf1dbcbf1f2ae06556964', which can be downloaded as a tarball.

Added: Dec 30, 2025, 5:48 PM
Updated: Dec 30, 2025, 5:48 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.