Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A memory leak vulnerability has been identified in the Linux kernel's fotg210 USB host controller driver. This issue arises when the debugfs_lookup() function is called without subsequently releasing the reference with dput(), leading to a gradual increase in memory usage. The vulnerability affects the stable versions of the Linux kernel.
Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage over time.
The vulnerability can be reproduced by using the fotg210 USB host controller driver and performing operations that involve the debugfs_lookup() function. Without calling dput() to release the reference, the memory leak will occur. This can be observed by monitoring the system's memory usage over time, which will gradually increase due to the unfreed memory.
The vulnerability has been addressed in the Linux kernel by modifying the fotg210 USB host controller driver to use debugfs_lookup_and_remove() instead of debugfs_lookup(). debugfs_lookup_and_remove() releases the reference taken by the lookup itself, so the caller no longer has to call dput() and the leak cannot occur.
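The reference-count contract behind this leak and its fix, as an added example that is not the driver's or the kernel's own code: a userspace model in C in which the struct, the model_* helpers and the "bus-entry" name are all assumptions made for illustration, and the model_* helpers only mimic the reference counting of the kernel calls named in their comments.

```c
#include <stdio.h>
#include <string.h>
/* Userspace model of a debugfs dentry: only the state the leak depends on. */
struct dentry { const char *name; int refs; int linked; };

/* Models debugfs_lookup(): a hit comes back with one extra reference held. */
static struct dentry *model_lookup(struct dentry *d, const char *name)
{
    if (!d->linked || strcmp(d->name, name) != 0)
        return NULL;
    d->refs++;
    return d;
}

/* Models dput(): drop one reference. */
static void model_dput(struct dentry *d) { if (d) d->refs--; }
/* Models debugfs_remove(): unlink and drop the filesystem's own reference. */
static void model_remove(struct dentry *d)
{
    if (d && d->linked) { d->linked = 0; d->refs--; }
}

/* Models debugfs_lookup_and_remove(): lookup, remove, then dput. */
static void model_lookup_and_remove(struct dentry *d, const char *name)
{
    struct dentry *hit = model_lookup(d, name);
    if (!hit) return;
    model_remove(hit);
    model_dput(hit);
}

/* Run `cycles` create/teardown rounds; return how many dentries stay pinned. */
int leaked_dentries(int cycles, int use_fixed_api)
{
    int leaked = 0;
    for (int i = 0; i < cycles; i++) {
        struct dentry d = { "bus-entry", 1, 1 };  /* constructed entry */
        if (use_fixed_api)
            model_lookup_and_remove(&d, "bus-entry");
        else
            model_remove(model_lookup(&d, "bus-entry")); /* no dput() */
        leaked += d.refs > 0;  /* count never reaches zero: never freed */
    }
    return leaked;
}

int main(void)
{
    printf("leaky: %d  fixed: %d\n", leaked_dentries(100, 0), leaked_dentries(100, 1));
}
```

In the leaky path every teardown leaves one reference outstanding, which is why memory use grows with each cycle rather than all at once.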