Linux Kernel Debugfs Memory Leak Vulnerability in PCN UART TTY Driver

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's PCN UART TTY driver. The issue arises when the driver calls debugfs_lookup(): the result must be followed by a dput() call to prevent a memory leak, and the driver does not make that call. Each such lookup leaves memory unreleased, which accumulates gradually. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a memory leak, which can accumulate over time and potentially lead to increased memory usage or exhaustion.

Reproduction

The vulnerability can be reproduced by loading the PCN UART TTY driver and allowing it to run without the necessary memory management calls after using debugfs_lookup(). This will cause memory to leak over time, as the allocated resources are not properly released.

Remediation

The vulnerability has been addressed in the Linux kernel by modifying the PCN UART TTY driver to use debugfs_lookup_and_remove(), which handles the required release itself. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.
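The reference-counting behaviour behind the leak and the fix, as an added example that is not taken from the kernel source or from this advisory. It is a simplified userspace model: every model_* name, the fixed-size table and the entry names "uart0" and "uart1" are constructed for illustration, and only debugfs_lookup(), debugfs_remove(), debugfs_lookup_and_remove() and dput() are real kernel functions.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model of dentry refcounting; all model_* names are hypothetical. */
struct model_dentry { char name[16]; int refcount; };
static struct model_dentry *tree[4];   /* entries linked into the "debugfs" tree */
static int live;                       /* objects allocated and not yet freed */
static void model_create(const char *name) {
    struct model_dentry *d = calloc(1, sizeof(*d));
    if (!d) exit(1);
    strncpy(d->name, name, sizeof(d->name) - 1);
    d->refcount = 1;                   /* reference owned by the tree */
    for (int i = 0; i < 4; i++) if (!tree[i]) { tree[i] = d; break; }
    live++;
}
/* Models dput(): drop one reference, free the object on the last one. */
static void model_dput(struct model_dentry *d) {
    if (d && --d->refcount == 0) { free(d); live--; }
}
/* Models debugfs_lookup(): the caller receives an extra reference. */
static struct model_dentry *model_lookup(const char *name) {
    for (int i = 0; i < 4; i++)
        if (tree[i] && !strcmp(tree[i]->name, name)) { tree[i]->refcount++; return tree[i]; }
    return NULL;
}
/* Models debugfs_remove(): unlinks and drops only the tree's reference. */
static void model_remove(struct model_dentry *d) {
    for (int i = 0; d && i < 4; i++)
        if (tree[i] == d) { tree[i] = NULL; model_dput(d); return; }
}
/* Models debugfs_lookup_and_remove(): lookup, remove, then dput. */
static void model_lookup_and_remove(const char *name) {
    struct model_dentry *d = model_lookup(name);
    if (!d) return;
    model_remove(d);
    model_dput(d);                     /* release the lookup reference */
}
int leaked_by_lookup_then_remove(void) {   /* pattern the advisory describes */
    int before = live;
    model_create("uart0");                 /* constructed sample name */
    model_remove(model_lookup("uart0"));   /* lookup reference is never put */
    return live - before;                  /* 1: the object is never freed */
}
int leaked_by_lookup_and_remove(void) {    /* pattern after the fix */
    int before = live;
    model_create("uart1");                 /* constructed sample name */
    model_lookup_and_remove("uart1");
    return live - before;                  /* 0: both references released */
}
int main(void) { return leaked_by_lookup_then_remove() == 1 && leaked_by_lookup_and_remove() == 0 ? 0 : 1; }
```

Each pass through the unfixed teardown path strands one object, which is why the leak shows up as slow growth rather than an immediate failure.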

Added: Sep 15, 2025, 9:06 PM
Updated: Sep 15, 2025, 9:06 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 5.7
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.