Linux Kernel Memory Leak Vulnerability in USB Gadget Component

A memory leak vulnerability has been identified in the Linux kernel's USB gadget component, specifically within the bcm63xx_udc driver. This issue arises when the debugfs_lookup() function is called without subsequently releasing the reference with dput(), leading to a gradual increase in memory usage. The vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability causes a memory leak, which can accumulate over time and potentially lead to increased memory consumption and degradation of system performance.

Reproduction

The vulnerability can be reproduced by using the debugfs_lookup() function in the bcm63xx_udc driver without properly releasing the reference using dput(). This will result in a memory leak that accumulates over time.

Remediation

The vulnerability has been addressed by modifying the code to use debugfs_lookup_and_remove(), which automatically handles the reference management and prevents the memory leak.