Linux Kernel Memory Leak Vulnerability in Power Management Debugfs Handling

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's power management domain handling. The result of a call to 'debugfs_lookup()' must be released with 'dput()', otherwise memory leaks over time. The vulnerability arises because this requirement is not always met, so unreleased memory gradually accumulates. The issue has been addressed by changing the code to use 'debugfs_lookup_and_remove()', which performs the lookup, the removal and the release of the result in a single call, thereby eliminating the leak.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, causing increased memory usage over time and potentially leading to memory exhaustion.

Reproduction

The vulnerability can be reproduced by invoking 'debugfs_lookup()' in the context of a generic power management domain without subsequently calling 'dput()' to release the reference. Because of this omission, the memory held through the result of 'debugfs_lookup()' is never released, which creates a gradual memory leak. The issue can be observed in the 'genpd_debug_remove()' function, where 'debugfs_lookup()' is called without a corresponding 'dput()' before the debugfs entry is removed.
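
The leak and its fix, as an added example that is not kernel code and not code from this advisory: a user-space C model in which the 'model_*' functions are hypothetical stand-ins for 'debugfs_lookup()', 'dput()', 'debugfs_remove()' and 'debugfs_lookup_and_remove()', tracking only a reference count. It assumes removal drops just the tree's own reference, so a lookup without a matching release leaves one stray reference per create/remove cycle.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model, not kernel code: refcount is 1 while linked, +1 per lookup. */
struct model_dentry { int refcount; bool linked; };

/* Models debugfs_lookup(): a hit returns the entry with an extra reference. */
static struct model_dentry *model_lookup(struct model_dentry *d)
{
    if (!d->linked) return NULL;
    d->refcount++;
    return d;
}

/* Models dput(): drops the caller's reference (NULL is ignored). */
static void model_dput(struct model_dentry *d) { if (d) d->refcount--; }

/* Models debugfs_remove(): unlinks and drops only the tree's reference. */
static void model_remove(struct model_dentry *d)
{
    if (d && d->linked) { d->linked = false; d->refcount--; }
}

/* Models debugfs_lookup_and_remove(): lookup, remove, then release. */
static void model_lookup_and_remove(struct model_dentry *d)
{
    struct model_dentry *found = model_lookup(d);
    model_remove(found);
    model_dput(found);
}

/* Create and remove an entry `cycles` times; return references never released. */
int stray_refs(int cycles, bool fixed)
{
    int stray = 0;
    for (int i = 0; i < cycles; i++) {
        struct model_dentry d = { .refcount = 1, .linked = true };
        if (fixed)
            model_lookup_and_remove(&d);
        else
            model_remove(model_lookup(&d)); /* pattern described above: no dput */
        stray += d.refcount;                /* non-zero means never freed */
    }
    return stray;
}

int main(void)
{
    printf("without dput: %d stray\n", stray_refs(1000, false));
    printf("lookup_and_remove: %d stray\n", stray_refs(1000, true));
    return 0;
}
```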

Remediation

The vulnerability has been fixed in the Linux kernel stable tree. Users can apply the latest updates from the Linux kernel stable repository to address this issue.

Added: Sep 15, 2025, 6:10 PM
Updated: Sep 15, 2025, 6:10 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.