Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A vulnerability exists in the Linux kernel's EP93XX framebuffer driver in the way it handles device assignment. The driver incorrectly assigns the Linux device to the 'fb_info.dev' field, overwriting the default value set by 'register_framebuffer()'. As a result, the driver improperly decrements the hardware device's reference counter and leaks the framebuffer device. The issue has been addressed by ensuring that drivers do not override the default device assignment.
Exploitation of this vulnerability could result in a memory leak, where the framebuffer device is not properly released, potentially leading to increased memory usage or exhaustion.
The vulnerability can be reproduced by loading the EP93XX framebuffer driver in the Linux kernel. The driver will incorrectly assign the Linux device to the 'fb_info.dev' field, bypassing the intended device management process. This can be observed by monitoring the device's reference count, which will incorrectly decrease, causing a leak of the framebuffer device.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the kernel can be found in the official Linux kernel documentation.