Linux Kernel Clock Driver Memory Leak Vulnerability in i.MX8MN ANATOP

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's clock driver for the i.MX8MN platform. The issue arises in the 'imx8mn_clocks_probe' function, where the 'of_iomap' function is used without proper error handling. This oversight can lead to memory allocated by 'kzalloc' leaking if an error occurs. The vulnerability is present in several versions of the Linux kernel.

Impact

The vulnerability can lead to a memory leak, where allocated memory is not properly freed, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading a kernel version that contains the vulnerable clock driver, which lacks the necessary error handling for the 'of_iomap' function, and initiating the clock probe process.

Remediation

The vulnerability has been addressed by modifying the clock driver to use 'devm_of_iomap' instead of 'of_iomap', so that the unused I/O mapping region is managed automatically. Memory is allocated with 'devm_kzalloc' and is automatically freed with 'devm_kfree' in case of an error, which prevents the leak.
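
The difference between the two allocation styles can be seen in a small userspace model of a failed probe. This is an added example, not the kernel driver's code: the model_* helpers, the fixed slot pool and the iomap_ok flag are hypothetical stand-ins for kzalloc, kfree, devm_kzalloc, the driver core's managed-resource release and the outcome of the I/O mapping call.

```c
/* Userspace model, not kernel code. Every model_* name is a hypothetical
 * stand-in for kzalloc/kfree/devm_kzalloc and the driver core's cleanup. */
#include <stddef.h>

#define SLOTS 4
static char pool[SLOTS][64];
static int  in_use[SLOTS];               /* 1 = slot allocated and not freed */

struct device { void *managed[SLOTS]; int n; };  /* per-device managed list */

static void *model_kzalloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return pool[i]; }
    return NULL;
}
static void model_kfree(void *p) {
    for (int i = 0; i < SLOTS; i++)
        if (p == pool[i]) in_use[i] = 0;
}
/* Managed allocation: also recorded on the device for later release. */
static void *model_devm_kzalloc(struct device *dev) {
    void *p = model_kzalloc();
    if (p) dev->managed[dev->n++] = p;
    return p;
}
/* What the driver core does after a failed probe or an unbind. */
static void model_devres_release_all(struct device *dev) {
    while (dev->n > 0) model_kfree(dev->managed[--dev->n]);
}
/* "Before": unmanaged buffer, early return when the mapping step fails. */
static int probe_unmanaged(struct device *dev, int iomap_ok) {
    void *clk_data = model_kzalloc();
    (void)dev;
    if (!clk_data) return -12;           /* -ENOMEM in this model */
    if (!iomap_ok) return -12;           /* clk_data is lost here: leak */
    return 0;
}
/* "After": same control flow, but the buffer is device-managed. */
static int probe_managed(struct device *dev, int iomap_ok) {
    void *clk_data = model_devm_kzalloc(dev);
    if (!clk_data) return -12;
    if (!iomap_ok) return -12;           /* core releases clk_data */
    return 0;
}
/* Run one failed probe and count the buffers still allocated afterwards. */
int leaked_after_failed_probe(int managed) {
    struct device dev = { {0}, 0 };
    for (int i = 0; i < SLOTS; i++) in_use[i] = 0;
    int ret = managed ? probe_managed(&dev, 0) : probe_unmanaged(&dev, 0);
    if (ret) model_devres_release_all(&dev);
    int live = 0;
    for (int i = 0; i < SLOTS; i++) live += in_use[i];
    return live;
}
```

The early return is identical in both probe functions; only the ownership of the buffer changes, which is why the managed variant needs no explicit cleanup on the error path.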

Added: Sep 15, 2025, 4:11 PM
Updated: Sep 15, 2025, 4:11 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.