Linux Kernel Staging PI433 Debugfs Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's staging PI433 driver. When the function debugfs_lookup() is called, the returned result must be released with dput() to prevent a gradual memory leak. The vulnerability arises because this requirement is not always met, leading to increased memory usage over time. The issue has been addressed by modifying the driver to use debugfs_lookup_and_remove(), which automatically handles the necessary cleanup. This change simplifies the code and prevents the memory leak by ensuring that resources are properly released.

Impact

The vulnerability could lead to a memory leak, causing increased memory usage over time, which could potentially degrade system performance.

Reproduction

The vulnerability can be reproduced by loading the staging PI433 driver and creating debugfs entries without properly releasing the allocated resources. This can be done by using the debugfs_lookup() function to access debugfs directories for the PI433 driver, and then failing to call dput() on the results, allowing the memory to leak. The issue occurs during the driver's initialization and removal processes, where the debugfs directories are created and deleted.

Remediation

The vulnerability has been fixed in the Linux kernel by updating the PI433 driver to use debugfs_lookup_and_remove() instead of debugfs_lookup(), ensuring that memory is properly managed. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.