Linux Kernel Samsung TTY Memory Leak Vulnerability in Clock Management

A memory leak vulnerability has been identified in the Linux kernel's handling of Samsung TTY serial clocks, specifically within the S3C24XX serial driver. This issue arises when the driver iterates over available clocks to find the best match. If a better clock is found, the previously selected clock needs to be released. However, the current implementation fails to properly free the new clock if it replaces an existing one, leading to a memory leak. This vulnerability affects several versions of the Linux kernel.

Impact

Exploitation of this vulnerability leads to a memory leak, causing increased memory usage that is not released back to the system.

Reproduction

The vulnerability can be reproduced by loading the Samsung TTY serial driver on a Linux kernel version that is affected by this issue. Once the driver is active, it will search for the best clock by iterating over all available options. The flawed logic in the clock management will cause a memory leak by failing to free the previously selected clock when a new, better match is found.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched. Instructions for downloading the latest kernel version can be found on the official Linux kernel website.