Linux Kernel Arc UART Of_Iomap Resource Leak Vulnerability in Serial Probe

A resource leak vulnerability has been identified in the Linux kernel's arc_uart serial driver. The issue arises in the 'arc_serial_probe' function, where the 'port->membase' variable, set by 'of_iomap', is not released if 'uart_add_one_port' fails. This oversight creates a resource leak. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability leads to a resource leak, where memory or resources are not properly released, potentially causing increased memory usage or exhaustion over time.

Reproduction

The vulnerability can be reproduced by probing a UART device using the arc_serial driver. If the 'uart_add_one_port' function fails, the 'port->membase' resource will not be released, causing a leak. This can be observed with tools that check for resource management issues, such as Smatch.

Remediation

The vulnerability has been addressed by replacing 'of_iomap' with 'devm_platform_ioremap_resource' in the 'arc_serial_probe' function. Users can apply the latest patches available in the Linux kernel stable tree to remediate this issue.