Linux Kernel Memory Leak Vulnerability in Energy Model Debugfs Handling

A memory leak vulnerability has been identified in the Linux kernel's energy model component. When the function 'debugfs_lookup()' is used, the returned result must be released with 'dput()' to prevent memory leakage. Failure to do so can cause a gradual increase in memory usage over time. The vulnerability arises because the 'debugfs_lookup()' function was not properly managed, leading to unaddressed memory allocation. This issue has been resolved by changing the function call to 'debugfs_lookup_and_remove()', which automatically handles the necessary cleanup. This vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can lead to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and exhaustion over time.

Reproduction

The vulnerability can be reproduced by calling 'debugfs_lookup()' in the energy model debug removal function without subsequently calling 'dput()' to release the memory. This oversight creates a memory leak that can be observed over time as the leaked memory accumulates.

Remediation

The vulnerability has been addressed in the Linux kernel by updating the debugfs handling to use 'debugfs_lookup_and_remove()', which correctly manages the memory and prevents leaks. Users should upgrade to the latest version of the Linux kernel stable tree where this fix has been applied.