Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's handling of debugfs_lookup() within the base driver. The issue arises because the result of debugfs_lookup() must be released with dput() to prevent memory leakage over time. The vulnerability is present in several versions of the Linux kernel. The recommended solution is to use debugfs_lookup_and_remove(), which automatically manages the necessary cleanup, thereby addressing the memory leak.
The vulnerability leads to a memory leak, causing increased memory usage over time, which could potentially degrade system performance or exhaust available memory resources.
The vulnerability can be reproduced by calling debugfs_lookup() without subsequently calling dput() on the result; each such call leaks memory, and the leak accumulates over time. The issue can be observed in the 'deferred_probe_exit' function in 'drivers/base/dd.c', which uses 'debugfs_remove_recursive(debugfs_lookup("devices_deferred", NULL))'. The result of debugfs_lookup() is never released with dput() there, so the memory leaks. The fix is to replace this line with 'debugfs_lookup_and_remove("devices_deferred", NULL)', which handles the cleanup itself.
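The reference imbalance described above, as an added example that is not taken from the kernel source: a simplified userspace model in C that runs the old and the fixed call pattern and counts what is still held afterwards. The function names mirror the kernel helpers named on this page, but their bodies, the struct dentry layout and leaked_after_exit() are assumptions that model only the reference counting.

```c
/* Userspace model (constructed for illustration, not kernel code) of the
 * dentry reference counting behind the leak in deferred_probe_exit(). */
#include <stdio.h>
#include <string.h>
struct dentry { const char *name; int refcount; int linked; };
static struct dentry slot;   /* stands in for the one debugfs entry */
static int live_dentries;    /* dentries whose memory is still held */

/* Drop one reference; the memory is released when the last one goes. */
static void dput(struct dentry *d) {
    if (d && --d->refcount == 0) live_dentries--;
}

/* Returns the dentry with an extra reference that the caller now owns. */
static struct dentry *debugfs_lookup(const char *name, struct dentry *parent) {
    (void)parent;            /* the model has only the debugfs root */
    if (!slot.linked || strcmp(slot.name, name) != 0) return NULL;
    slot.refcount++;
    return &slot;
}

/* Unlinks the entry and drops the tree's reference, not the caller's. */
static void debugfs_remove_recursive(struct dentry *d) {
    if (!d || !d->linked) return;
    d->linked = 0;
    dput(d);
}

/* Lookup, remove, then drop the lookup reference, all in one helper. */
static void debugfs_lookup_and_remove(const char *name, struct dentry *parent) {
    struct dentry *d = debugfs_lookup(name, parent);
    if (!d) return;
    debugfs_remove_recursive(d);
    dput(d);
}

/* Number of dentries still held after the exit path has run once. */
int leaked_after_exit(int use_fixed_helper) {
    slot = (struct dentry){ "devices_deferred", 1, 1 };  /* tree holds ref 1 */
    live_dentries = 1;
    if (use_fixed_helper)
        debugfs_lookup_and_remove("devices_deferred", NULL);
    else  /* the pattern quoted from drivers/base/dd.c */
        debugfs_remove_recursive(debugfs_lookup("devices_deferred", NULL));
    return live_dentries;
}
int main(void) {
    printf("old: %d leaked, new: %d leaked\n", leaked_after_exit(0), leaked_after_exit(1));
    return 0;
}
```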
Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability. Instructions for downloading the patched version can be found in the Linux kernel Git repository.