Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's SPI:IMX platform driver: when an error occurs in the remove callback, the callback does not release its DMA resources. Because removal is not retried after the error, the leak is permanent. The fix modifies the remove function so that only the hardware disable step is skipped when waking the device fails, and resource cleanup runs in every case.
The vulnerability causes a permanent leak of DMA resources, which can lead to increased memory usage and potential degradation of system performance over time.
To reproduce this vulnerability, load a device driver that uses the SPI:IMX platform driver. During the removal process, simulate an error condition that prevents the proper release of DMA resources. This can be done by interrupting the normal flow of the remove callback, causing it to return an error before the DMA resources are cleaned up. After the error occurs, observe that the DMA resources remain allocated, creating a leak that is not resolved.
The vulnerability has been fixed in the Linux kernel stable tree. Users can upgrade to the latest version to address this issue.
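The control-flow change described above, as an added user-space model (not the kernel's driver code and not taken from this page). The struct and every function name are hypothetical stand-ins for the wake, hardware-disable and DMA-release steps.

```c
#include <stdbool.h>
#include <stdio.h>
/* User-space model of the driver state; every name here is hypothetical. */
struct model_dev {
    bool wake_fails;     /* simulate a failure to wake the device */
    bool hw_enabled;     /* controller still enabled in hardware */
    bool dma_allocated;  /* DMA resources still held */
};

static int model_wake(struct model_dev *d) { return d->wake_fails ? -1 : 0; }
static void model_hw_disable(struct model_dev *d) { d->hw_enabled = false; }
static void model_dma_release(struct model_dev *d) { d->dma_allocated = false; }

/* Before: an early return on the error path skips all cleanup. */
static int remove_before(struct model_dev *d)
{
    int ret = model_wake(d);
    if (ret < 0)
        return ret;          /* DMA resources are never released */
    model_hw_disable(d);
    model_dma_release(d);
    return 0;
}

/* After: only the hardware disable depends on a successful wake. */
static void remove_after(struct model_dev *d)
{
    if (model_wake(d) == 0)
        model_hw_disable(d); /* skipped when the device cannot be woken */
    model_dma_release(d);    /* runs on every path */
}

/* Returns true if DMA resources are still held after removal. */
static bool leaks_dma(bool wake_fails, bool use_fixed)
{
    struct model_dev d = { wake_fails, true, true };
    if (use_fixed)
        remove_after(&d);
    else
        (void)remove_before(&d);
    return d.dma_allocated;
}

int main(void)
{
    printf("before, wake fails: leak=%d\n", leaks_dma(true, false));
    printf("after,  wake fails: leak=%d\n", leaks_dma(true, true));
    return 0;
}
```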