Linux Kernel SiFive GPIO Driver Refcount Leak Vulnerability

A refcount leak vulnerability has been identified in the SiFive GPIO driver for the Linux kernel. The issue arises in the 'sifive_gpio_probe' function, where 'of_irq_find_parent' returns a node pointer with an incremented reference count. The driver fails to release this reference when it's no longer needed, leading to a memory leak. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where reference counts are not properly managed, potentially causing increased memory usage over time.

Reproduction

The vulnerability can be reproduced by loading the SiFive GPIO driver in the Linux kernel. The 'sifive_gpio_probe' function will be called, which triggers the refcount leak by not releasing the incremented reference count from 'of_irq_find_parent'.

Remediation

The vulnerability has been addressed in the Linux kernel by adding the missing 'of_node_put' call to properly manage the reference count. Users can upgrade to the latest version of the Linux kernel stable tree to apply this fix.