Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A memory leak vulnerability has been identified in the Linux kernel's handling of debugfs_lookup() within the time/debug subsystem. When debugfs_lookup() is called, the returned result must be released with dput() to prevent memory leakage over time. The vulnerability exists because this requirement was not met, leading to a gradual memory leak. The issue has been addressed by modifying the code to use debugfs_lookup_and_remove(), which automatically manages the necessary cleanup, thereby eliminating the memory leak.
The vulnerability causes a memory leak, which can accumulate over time and potentially lead to increased memory usage or exhaustion.
The vulnerability can be reproduced by calling debugfs_lookup() without properly releasing the result using dput(). This oversight creates a memory leak that persists over time. The issue can be observed in the time/debug subsystem of the Linux kernel.
Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the official Linux kernel website.