Linux Kernel Cadence TTC Driver Memory Leak Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's Cadence TTC timer driver. The issue arises in the 'ttc_timer_probe' function, where the 'timer_baseaddr' obtained from 'of_iomap()' is not properly released, leading to a memory leak. This vulnerability affects the Linux kernel stable tree.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the Cadence TTC timer driver in the Linux kernel stable tree. The 'ttc_timer_probe' function will be called, where the 'timer_baseaddr' is retrieved using 'of_iomap()'. Since this address is not released after use, a memory leak occurs.

Remediation

The vulnerability has been addressed by replacing 'of_iomap()' with 'devm_of_iomap()', which automatically manages the memory, and by adding 'clk_put()' calls to clean up the clock resources. Users should update to the latest version of the Linux kernel where this fix has been applied.