Linux Kernel Refcount Leak Vulnerability in Marvell GICP IRQ Chip Driver

A refcount leak vulnerability has been identified in the Linux kernel's Marvell GICP IRQ chip driver, specifically within the 'mvebu_gicp_probe' function. The issue arises because the 'of_irq_find_parent' function returns a node pointer with an incremented reference count, which is not properly decremented when no longer needed. This oversight can lead to memory management issues. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability causes a refcount leak, which can lead to memory management issues, potentially allowing for use-after-free conditions or other memory-related vulnerabilities.

Reproduction

The vulnerability can be reproduced by probing the Marvell GICP IRQ chip driver without the necessary reference count management. This can be done by loading the driver in a Linux kernel environment where the vulnerability exists, such as in versions prior to the patch that addresses this issue. Once the driver is loaded, the missing 'of_node_put' call can be observed, leading to the refcount leak.

Remediation

Users can upgrade to the patched version of the Linux kernel where this vulnerability has been addressed. The patch is available in the Linux kernel stable tree.