Linux Kernel USB Chipidea Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's USB Chipidea driver. The issue arises when the debugfs_lookup() function is called; the resulting reference must be released with dput() to prevent memory leakage. Failure to do so can lead to a gradual increase in memory usage over time. The vulnerability affects the stable versions of the Linux kernel.

Impact

The vulnerability leads to a memory leak, causing increased memory usage over time, which can potentially degrade system performance.

Reproduction

The vulnerability can be reproduced by calling the debugfs_lookup() function in the USB Chipidea driver without properly releasing the reference using dput(). This oversight allows memory to leak, as the allocated resource is not returned, causing a gradual increase in memory consumption.

Remediation

The vulnerability has been addressed by modifying the USB Chipidea driver to use debugfs_lookup_and_remove(), which automatically handles the reference management and prevents the memory leak.