Linux Kernel Memory Leak Vulnerability in Clock Notifier Registration

A memory leak vulnerability has been identified in the Linux kernel's clock notifier registration process. The issue arises in the 'devm_clk_notifier_register()' function, which allocates a device resource for the clock notifier but fails to register it with the device. As a result, the notifier is not unregistered when the device is detached, leading to a resource leak. This vulnerability was discovered using 'kmemleak' on a Chromebook.

Impact

The vulnerability causes a memory leak by failing to properly unregister a clock notifier when a device is detached, leading to unfreed resources.

Reproduction

The vulnerability can be reproduced by using the 'devm_clk_notifier_register()' function to register a clock notifier without properly unregistering it when the associated device is detached. This can be done by attaching a notifier to a device, then detaching the device without first unregistering the notifier, which will result in a leaked resource. The 'kmemleak' tool can be used to detect the memory leak on a Chromebook.

Remediation

The vulnerability has been addressed by modifying the 'devm_clk_notifier_register()' function to include a call to 'devres_add()', which properly registers the resource with the device. Users can apply the available patch to their Linux kernel to fix the vulnerability.