Linux Kernel PM/Devfreq Resource Leak Vulnerability in Devfreq Dev Release Function

Vulnerability

A resource leak vulnerability has been identified in the Linux kernel's PM/devfreq subsystem. The issue lies in the 'devfreq_dev_release' function: the resources that 'srcu_init_notifier_head' allocates for a devfreq device's notifier list are not released when the device is torn down, because the matching 'srcu_cleanup_notifier_head' call is missing. Each device release therefore leaks memory. The vulnerability affects the stable versions of the Linux kernel.

Impact

The vulnerability can cause a memory leak, where allocated resources are not properly released, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by initializing a devfreq device and then releasing it without properly cleaning up the associated notifier resources. This can be done by creating a devfreq governor that uses the transition notifier, and then releasing the device without calling 'srcu_cleanup_notifier_head' on the notifier list.
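The following userspace model is an added illustration of the init/cleanup pairing described in the Vulnerability and Reproduction sections above; it is not kernel code and not the upstream fix. In the real kernel, 'srcu_init_notifier_head' calls init_srcu_struct(), which allocates per-CPU state that only 'srcu_cleanup_notifier_head' frees; here both are replaced by a malloc/free pair behind a live-object counter so the leak becomes observable. The struct field name transition_notifier_list is the one used in the upstream struct devfreq; every other name (the model_ prefixed helpers, the _leaky and _fixed release variants, leaked_after_cycles) is invented for this example.

```c
/* Userspace model of the devfreq release-path leak. Not kernel code:
 * the two model_srcu_* helpers stand in for srcu_init_notifier_head()
 * and srcu_cleanup_notifier_head(), and live_srcu_structs plays the
 * role kmemleak plays on a real kernel (counting objects never freed). */
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>

static int live_srcu_structs;          /* allocations not yet cleaned up */

struct srcu_notifier_head {            /* modelled subset of the real struct */
    void *per_cpu_state;               /* models init_srcu_struct()'s allocation */
};

struct devfreq {                       /* modelled subset of struct devfreq */
    struct srcu_notifier_head transition_notifier_list;
};

/* Stand-in for srcu_init_notifier_head(): allocates backing state. */
static void model_srcu_init_notifier_head(struct srcu_notifier_head *nh)
{
    nh->per_cpu_state = malloc(64);    /* size is arbitrary for the model */
    assert(nh->per_cpu_state != NULL);
    live_srcu_structs++;
}

/* Stand-in for srcu_cleanup_notifier_head(): the only way that state is freed. */
static void model_srcu_cleanup_notifier_head(struct srcu_notifier_head *nh)
{
    free(nh->per_cpu_state);
    nh->per_cpu_state = NULL;
    live_srcu_structs--;
}

/* Mirrors device creation: the notifier head is initialised for every device. */
static struct devfreq *model_devfreq_add_device(void)
{
    struct devfreq *devfreq = calloc(1, sizeof(*devfreq));
    assert(devfreq != NULL);
    model_srcu_init_notifier_head(&devfreq->transition_notifier_list);
    return devfreq;
}

/* Vulnerable shape: frees the device but never cleans up the notifier head,
 * so per_cpu_state becomes unreachable and is leaked on every release. */
static void devfreq_dev_release_leaky(struct devfreq *devfreq)
{
    free(devfreq);
}

/* Fixed shape: the init performed at add time gets its matching cleanup
 * before the containing object is freed. */
static void devfreq_dev_release_fixed(struct devfreq *devfreq)
{
    model_srcu_cleanup_notifier_head(&devfreq->transition_notifier_list);
    free(devfreq);
}

/* Runs n add/release cycles through the given release function and returns
 * how many notifier allocations are still live afterwards; 0 means no leak. */
static int leaked_after_cycles(void (*release)(struct devfreq *), int n)
{
    live_srcu_structs = 0;
    for (int i = 0; i < n; i++)
        release(model_devfreq_add_device());
    return live_srcu_structs;
}

int main(void)
{
    printf("leaky release: %d live notifier allocations after 3 cycles\n",
           leaked_after_cycles(devfreq_dev_release_leaky, 3));
    printf("fixed release: %d live notifier allocations after 3 cycles\n",
           leaked_after_cycles(devfreq_dev_release_fixed, 3));
    return 0;
}
```

The counter grows by one per cycle with the leaky release and stays at zero with the fixed one. On a real kernel the equivalent check is kmemleak (CONFIG_DEBUG_KMEMLEAK): after repeatedly binding and unbinding a devfreq device, a scan of /sys/kernel/debug/kmemleak reporting unreferenced objects allocated from the notifier-head initialisation is the signature of this bug, and the absence of such reports after upgrading confirms the fix.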

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been addressed. Instructions for downloading the latest version can be found on the official Linux kernel website.

Added: Oct 1, 2025, 1:38 PM
Updated: Oct 1, 2025, 1:38 PM

Vulnerability Rating

Custom Algorithm

spread           9.0
impact           0.6
exploitability   4.3
remediation      7.7
relevance        0.6
threat           4.8
urgency          2.9
incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.