Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's watchdog device management. The issue arises in the 'watchdog_cdev_register' function, where the 'put_device' function is not called if 'cdev_device_add' fails and the watchdog device ID is not zero. This oversight prevents proper cleanup of allocated memory, leading to unreferenced objects that kmemleak can detect as memory leaks. The vulnerability affects the Linux kernel's stable versions.
The vulnerability causes a memory leak in the watchdog device registration process, where allocated memory is not properly released, potentially leading to increased memory usage and degradation of system performance over time.
The vulnerability can be reproduced by loading a kernel module that registers a watchdog device. The 'watchdog_cdev_register' function will be called, and if 'cdev_device_add' fails while the watchdog ID is not zero, the 'put_device' cleanup step will be skipped. This sequence creates a memory leak that kmemleak can later report.
The vulnerability has been fixed in the Linux kernel. Users should upgrade to the latest version where this issue has been addressed.
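The error path described above, as a userspace C model added here for illustration; it is not kernel code or the upstream patch. The `model_*` helpers, the fixed-size pool and the always-failing add step are assumptions standing in for the kernel's device reference counting, and the hardened branch assumes the fix is to call `put_device` on every `cdev_device_add` failure.

```c
#include <stdio.h>
#include <stddef.h>

#define POOL_SIZE 8   /* constructed: small pool so leaked objects are countable */

struct model_dev { int in_use; int refcount; };
static struct model_dev pool[POOL_SIZE];

/* Stand-in for allocating and initialising the device: takes the first reference. */
static struct model_dev *model_alloc(void) {
    for (size_t i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].refcount = 1;
            return &pool[i];
        }
    return NULL;
}

/* Stand-in for put_device(): dropping the last reference releases the object. */
static void model_put_device(struct model_dev *d) {
    if (--d->refcount == 0)
        d->in_use = 0;
}

/* Constructed failure: the add step always fails in this model. */
static int model_cdev_device_add(struct model_dev *d) { (void)d; return -1; }

/* Objects still allocated; in the kernel, kmemleak reports these as unreferenced. */
int live_objects(void) {
    int n = 0;
    for (size_t i = 0; i < POOL_SIZE; i++) n += pool[i].in_use;
    return n;
}

/* One registration attempt. fixed=0 models the leaking path, fixed=1 the hardened one. */
int failed_register(int id, int fixed) {
    struct model_dev *d = model_alloc();
    if (!d) return -2;                      /* pool exhausted by earlier leaks */
    int err = model_cdev_device_add(d);
    if (err) {
        if (fixed || id == 0)               /* leaking path only cleans up for id 0 */
            model_put_device(d);
        return err;                         /* id != 0, not fixed: reference never dropped */
    }
    return 0;
}

int main(void) {
    failed_register(0, 0); printf("buggy, id 0: %d live\n", live_objects());
    failed_register(1, 0); printf("buggy, id 1: %d live\n", live_objects());
    failed_register(1, 1); printf("fixed, id 1: %d live\n", live_objects());
    return 0;
}
```

Each failed registration with a non-zero ID on the leaking path leaves one more object allocated, which is the slow growth the description attributes to the bug.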