Linux Kernel STM32 Regulator OF_IOMAP Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the Linux kernel's STM32 power regulator driver. The issue arises in the 'stm32_pwr_regulator_probe()' function, where the 'base' variable, obtained from 'of_iomap()', is not properly released under certain error conditions. This can lead to a resource leak. The vulnerability affects the stable version of the Linux kernel.

Impact

The vulnerability can cause a memory leak, potentially leading to increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by loading the STM32 power regulator driver in the Linux kernel. When the 'stm32_pwr_regulator_probe()' function is called, the 'of_iomap()' function maps I/O memory for the device. If this mapping fails or if the subsequent regulator registration fails, the 'base' variable is not released, causing a memory leak.

Remediation

The vulnerability has been addressed by modifying the driver to use 'devm_platform_ioremap_resource()', which automatically manages the release of the 'base' variable regardless of the function's success or failure. This change has been applied in the latest version of the Linux kernel.
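The difference between the two mapping styles can be seen in a small userspace model. This is an added example, not code from the kernel or from this advisory; every function and struct name in it is hypothetical, and it assumes the failure is in the registration step that follows a successful mapping.

```c
/* Userspace model (constructed), not kernel code: all names are hypothetical. */
#include <stdlib.h>

static int live_mappings;                 /* mappings currently held */
struct dev { void *managed[4]; int n; };  /* stand-in for a device's managed-resource list */

static void *map_io(void)                 /* models of_iomap() */
{
    void *p = malloc(16);
    if (p) live_mappings++;
    return p;
}
static void unmap_io(void *p) { free(p); live_mappings--; }  /* models iounmap() */
static void *managed_map_io(struct dev *d)  /* models devm_platform_ioremap_resource() */
{
    void *p = map_io();
    if (p) d->managed[d->n++] = p;        /* recorded for automatic release */
    return p;
}
static void release_managed(struct dev *d)  /* models driver-core cleanup after probe fails */
{
    while (d->n > 0) unmap_io(d->managed[--d->n]);
}

static int probe_unmanaged(int reg_fails)  /* 'before' shape */
{
    void *base = map_io();
    if (!base) return -1;
    return reg_fails ? -2 : 0;            /* error return without unmap: mapping leaks */
}
static int probe_managed(struct dev *d, int reg_fails)  /* 'after' shape */
{
    void *base = managed_map_io(d);
    if (!base) return -1;
    return reg_fails ? -2 : 0;            /* no explicit cleanup; release_managed() handles it */
}

/* Fail the registration step n times and return the mappings still held. */
int leaked_after_failed_probes(int managed, int n)
{
    live_mappings = 0;
    for (int i = 0; i < n; i++) {
        struct dev d = {0};
        if (managed) probe_managed(&d, 1); else probe_unmanaged(1);
        release_managed(&d);              /* runs for every failed probe in both cases */
    }
    return live_mappings;
}

int main(void) { return leaked_after_failed_probes(1, 5); }  /* exits 0: nothing leaked */
```

In the unmanaged variant each failed probe leaves one mapping behind, so the count grows with every retry; in the managed variant the count returns to zero because the release is tied to the device rather than to the probe function's error paths.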

Added: Dec 24, 2025, 3:38 PM
Updated: Dec 24, 2025, 3:38 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 1.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.