Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A memory leak vulnerability has been identified in the Linux kernel's USB gadget subsystem, specifically within the PXA25X USB Device Controller (UDC) driver. The issue arises when the 'debugfs_lookup()' function is called: it returns a reference that must be released with 'dput()', and the driver did not release it. Each unreleased reference leaves memory allocated, so memory usage gradually increases over time. The vulnerability affects several versions of the Linux kernel.
The vulnerability leads to a memory leak, causing increased memory usage over time, which can potentially degrade system performance or exhaust available memory resources.
The vulnerability can be reproduced by loading the PXA25X UDC driver and creating debugfs files for the USB gadget. The 'debugfs_lookup()' function will be called without properly releasing the reference, leading to a memory leak. This can be verified by monitoring memory usage over time, which will show a gradual increase due to the unfreed references.
The vulnerability has been addressed in the Linux kernel by modifying the PXA25X UDC driver to use 'debugfs_lookup_and_remove()' instead of 'debugfs_lookup()'. This change ensures that the reference is properly released, preventing the memory leak.
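The reference-count behaviour behind the leak and the fix can be shown with a small user-space model. This is an added example, not kernel code and not the driver's own source: the `model_*` functions, the `leaked_after()` helper and the entry name `udc_example` are constructed for illustration, and the only kernel behaviour assumed is what the text above states (the lookup takes a reference that must be put).

```c
#include <stdlib.h>
#include <string.h>

/* User-space model of a refcounted debugfs dentry; not kernel code. */
struct dentry { const char *name; int refcount; };
static int live_dentries;          /* allocated and not yet freed */
static struct dentry *root_child;  /* the one entry under the modelled root */

static struct dentry *model_create(const char *name)
{
    struct dentry *d = calloc(1, sizeof(*d));
    if (!d) return NULL;
    d->name = name;
    d->refcount = 1;               /* reference held by the directory tree */
    root_child = d;
    live_dentries++;
    return d;
}

static void model_dput(struct dentry *d)
{
    if (d && --d->refcount == 0) { free(d); live_dentries--; }
}

/* Models debugfs_lookup(): returns the entry with an extra reference. */
static struct dentry *model_lookup(const char *name)
{
    if (!root_child || strcmp(root_child->name, name) != 0) return NULL;
    root_child->refcount++;
    return root_child;
}

/* Models removal: unlinks the entry and drops only the tree's reference. */
static void model_remove(struct dentry *d)
{
    if (!d || root_child != d) return;
    root_child = NULL;
    model_dput(d);
}

/* Returns how many dentries are still allocated after N create/remove cycles. */
int leaked_after(int cycles, int fixed)
{
    live_dentries = 0;
    for (int i = 0; i < cycles; i++) {
        if (!model_create("udc_example")) break;   /* constructed name */
        struct dentry *d = model_lookup("udc_example");
        model_remove(d);           /* vulnerable pattern stops here */
        if (fixed) model_dput(d);  /* the put a combined lookup-and-remove performs */
    }
    return live_dentries;
}
```

In the unfixed path every cycle leaves one object allocated, which is the gradual growth in memory usage described above.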