Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability in the Linux kernel's USB DWC2 driver has been addressed. It concerns a managed device resource (devres) leak and unbalanced regulator reference counts across power management cycles. The hardware enable function, which is called during suspend and resume operations, adds a new devres action on every call, so the entries accumulate. devres_log tracing shows a new 'ADD' entry for each low power cycle, which indicates the leak. In addition, the regulator bulk enable function is called on each power management cycle, but the corresponding disable function is never invoked, so the reference count for these regulators increases continuously. The vulnerability could also manifest at runtime, further complicating the resource management.
Excessive devres resource accumulation can lead to memory management issues, while the unbalanced regulator reference count can cause power management problems, potentially leaving devices in an incorrect state.
The vulnerability can be reproduced by enabling devres logging, allowing the tracing of devres actions. After adding the 'devres_log' entry, the platform can be put into a low power state and then resumed. The tracing will show new 'ADD' entries for each cycle, indicating the devres leak. This issue can also be observed during normal runtime operations, as the hardware enable function can be called from the USB device controller start routine.
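The per-cycle 'ADD' check described above can be automated. The following is an added example, not code from the kernel or from this advisory: it takes one trace capture per suspend/resume cycle and reports resources that gain entries in every cycle. The trace line layout, the 'REL' operation name and the device names are assumptions, and the sample captures are constructed.

```python
import re
from collections import Counter

# Assumed event text: "devres_log: <device> <ADD|REL> <node> <name> (<n> bytes)"
EVENT = re.compile(r"devres_log:\s+(\S+)\s+(ADD|REL)\s+(\S+)\s+(\S+)\s+\((\d+) bytes\)")

def net_adds(trace_text):
    """Net ADD minus REL per (device, resource name) within one capture."""
    net = Counter()
    for line in trace_text.splitlines():
        m = EVENT.search(line)
        if m:
            dev, op, _node, name, _size = m.groups()
            net[(dev, name)] += 1 if op == "ADD" else -1
    return net

def leaking_resources(cycle_traces):
    """Resources whose count grows in every cycle -> {key: total left behind}.

    A balanced driver nets zero across a suspend/resume cycle; a resource
    that is added only once (for example at probe) fails the all() check.
    """
    per_cycle = [net_adds(t) for t in cycle_traces]
    keys = set().union(*per_cycle)
    return {k: sum(c[k] for c in per_cycle)
            for k in keys
            if all(c[k] > 0 for c in per_cycle)}

# Constructed sample: one capture per low power cycle (names are hypothetical).
CYCLES = [
    """kworker-57 [000] 101.1: devres_log: example.usb ADD 000000001a2b3c4d devm_action_release (8 bytes)
kworker-57 [000] 101.2: devres_log: example.i2c ADD 000000005e6f7a8b devm_kzalloc_release (64 bytes)
kworker-57 [000] 101.3: devres_log: example.i2c REL 000000005e6f7a8b devm_kzalloc_release (64 bytes)
kworker-57 [000] 101.4: devres_log: example.mmc ADD 0000000011223344 devm_action_release (8 bytes)""",
    """kworker-57 [000] 202.1: devres_log: example.usb ADD 000000002b3c4d5e devm_action_release (8 bytes)
kworker-57 [000] 202.2: devres_log: example.i2c ADD 000000006f7a8b9c devm_kzalloc_release (64 bytes)
kworker-57 [000] 202.3: devres_log: example.i2c REL 000000006f7a8b9c devm_kzalloc_release (64 bytes)""",
    """kworker-57 [000] 303.1: devres_log: example.usb ADD 000000003c4d5e6f devm_action_release (8 bytes)""",
]

if __name__ == "__main__":
    for (dev, name), count in leaking_resources(CYCLES).items():
        print(f"{dev}: {name} grew in every cycle, {count} entries outstanding")
```

On a fixed kernel the same captures should produce no flagged resources for the DWC2 device.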
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.