Linux Kernel Pinctrl Rockchip Refcount Leak Vulnerability

A refcount leak vulnerability has been identified in the Linux kernel's pinctrl driver for Rockchip SoCs. The issue arises in the function 'rockchip_pinctrl_parse_groups', where a node pointer returned by 'of_find_node_by_phandle' is not properly released using 'of_node_put' after it is no longer needed. This oversight can lead to a memory leak by failing to decrement the reference count of the node, potentially causing increased memory usage over time.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, potentially causing increased memory usage and degradation of system performance over time.

Reproduction

The vulnerability can be reproduced by using the Rockchip pinctrl driver in the Linux kernel. When the 'rockchip_pinctrl_parse_groups' function is called, it will process device nodes referenced by phandles. However, the function fails to release the references to these nodes after processing, leading to a refcount leak. This behavior can be observed by monitoring memory usage while the driver is active.

Remediation

The vulnerability has been addressed in the Linux kernel. Users can upgrade to the latest version of the stable Linux kernel to apply the fix.